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lL INTPODUC DION 


Traditionally, computer software evolved in connection 
wlth a particular hardware environment, and often assumed 
features closely related to characteristics of the underlying 
hardware. These so-called closed systems usually have a unique 
set of resources in both hardware and software. However, as 
systems became more general purpose, the requirement for porta- 
bility and reusability of resources across systems increased 
and, consequently, the need for creating greater resource 
abstraction arose [Ref. 1]. 

The problem of formalizing the relationship between hardware 
and software resources was first addressed by Yurchak [Ref. 2] 
whose efforts resulted in the specification and implementation 
of an abstract machine, called AM. 

New data types necessary to represent the abstraction of a 
bit-mapped display resource were added to AM by Hunter [Ref. 3] 
thereby creating AM (version 2.0) as a derivation of version 
UO 

This present research again is an extension of the work 
begun by Yurchak and Hunter with the goal to design and for- 
mally specify a portable, reusable abstract database (version 
3.0). Its two major objectives are: 

- investigate an appropriate methodology to specify an 


interface between the layers of computer hardware and 
software; 
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- find a way for applying such a methodology in order to 
describe the interface of a computing system with 
respect to a database. 


The following is a modification of the introduction presented 
by Yurchak [Ref. 2] and Hunter [Ref. 3], and contains some of 


their ideas which contributes to a better understanding of the 


background and motivation for this research. 


ES THE PORTABILITY PROBLEM 

It is well known that porting large programs from one machine 
to another is an expensive ordeal. It is also well known that 
Enc the software has been moved to the new machine, it is 
anybody's guess whether or not it will be work as before. Even 
if our program seems to work, we may find it consumes more re- 
sources than we expected. Indeed, this may be just as bad as 
NEL did not work at all. 

There are a number of.reasons why the portability problem 
is getting worse, not better: 

- most architectures, even those which profess to be 
"language directed," reflect a bias toward making the 
machine look like what the programmer wants, or toward 
some engineering goal, such as maximizing the number of 


devices: 


- both languages and machines are related to the data they 
manipulate in an implementation dependent way; 


- language and hardware designers pursue their conflicting 
goals to the detriment of the poor compiler writer, who, 
with imprecise tools and methodologies is faced with 
the job of implementing ambiguous semantics on an 
informally designed resource. 

Although these and other factors do adversely contribute to 


the imperfect task of moving software from one machine to 
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another, they add their weight to other difficult issues in 
language design, computer architecture, and software engine. 
ing. This study confines itself to treating the issues ms 
ing the interaction between programmer's view of the world as 
a problem, and the architect's view of the world as a resource. 
The existing problem can EIE be described as a matter 
of unsufficient resource abstraction. And there are examples 
that demonstrate the advantages brought along by consequently 
applied resource abstraction. For instance, many operating 
Systems (OS) already provide a uniform and functional interface 
to the file system, and combined with a high level language and 
its associated runtime services, achieve a high degree of soft- 
ware portability [Ref. 1]. Current research work in the area 
of database machines indicates attempts to develop a system that 
would, like the OS, provide a uniform interface, the first step 
towards portability and reusability. And this trend should give 
some reason to be a little more optimistic. 
1. Abstraction 

"Abstraction" describes the separation of the defining 
properties of an object from other, unnecessary details about 
it. A programmer is primarily concerned with solving a prob- 
lem. Appropriately, the tools at hus disposal, programming 
languages, development aids, the programming environment, form 
a “problem solving abstraction." The hardware (and some of 
the software) on which this problem solving abstraction is 


implemented, however, is an abstraction of a different seme 


E 





Addresses, registers, ports, most of the operating system 
service routines, all provide more or less efficient ways to 
manipulate the physical p of the machine, they form a 
"physical resource abstraction." 

The fuzzy area between these two abstractions, sometimes 
simplistically perceived as the boundary between hardware and 
software, exposes a number of shortcomings in language design 


and computer architecture collectively termed the "semantic 


gap. 
As mentioned before, proper resource abstraction plays 
a major role in the attempt to resolve the portability problem. 
In areas other than the Operating systems, abstraction however, 
seems to be rather difficult. Processors and visual displays 
are examples. The inability to establish a meaningful abstrac- 
tion has impeded the formation of standard functional inter- 
faces to these resources. Operating systems generally do not 
provide a functional interface to either the processor or the 
EE us. Programs which access these resources directly, 
simply are not portable. High level languages (HLL) partially 
fill the gap left by OFs for the processor resource. Unfor- 
tunately, the interface level is high enough to force many 
applications to bypass the HLL for efficiency. Special graphics 
packages that extend the OS provide similar services for the" 


display resource. But despite these efforts, the problem is 


except emos e Ludimentary way, OS function calls to 
tne display are usually limited to character and string 
Swe ouct . 
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still far from solved. The lack of formal means to spec Xx de 
interface that the operating systems, high level languages and 
graphics packages attempt to provide is a serious shortcoming 
that impedes portability. 

The same applies for database systems, too, whicn al- 
though more recently introduced in computer history not only 
offer a whole set of different and incompatible database models 
from which to choose, but also force the implementor to adopt 
the corresponding query language. The latest development is 
towards the so-called backend approach that reduces the workload 
of the host computer in a very impressive way by separating 
the database part from the mainframe and letting it run as 
autonomously as possible; but the above described interface 
problem remains unsolved. Thus, at present, the variety that 
Originally was created to optimize a data base to meet the 
respective goals, strongly interferes with the idea of 
reusability. 

2. The Semantic Gap 

The semantic gap manifests itself anywhere a problem 
solving abstraction touches a physical resource abstraction. 

A detailed description may be found in Myers [Ref. 4]. He 
observes that the semantic gap contributes to the cost of 
software development, software unreliability, inefficiency, 
complexity, and the distortion of programming languages. Cer- 
tainly: no single development or methodology will eliminate this 


problem. 
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Narrowing the semantic gap requires Significant changes 
in tne fundamentals of computer architecture and language design. 
We chose |poacsuecomi5utesonmwbEhree factors which significantly 
tribute to this problem: 

- informally described semantics; 

- representation dependent data types; 

- arbitrarily designed instruction set architectures. 
The implication, of course, is that through increased formalism, 
the introduction of representation independent data, and a more 
throughtful treatment of the instruction set, the semantic gap 
can be narrowed. The balance of this thesis is devoted to 


describing a methodology for doing just that. 


pee THREE WAYS TO NARROW THE SEMANTIC GAP 
ie Formalism 

The benefits of formalism in the design process have 
been amply revealed in countless articles treating this issue 
from the standpoint of software engineering. Our concern will 
be limited to formalism as it applies to the specification of 
an abstraction. Various specification methodologies exist, 
many Of which have been used with more or less success in pro- 
jects of practical significance. But we caution the reader 
that by "formal" we mean a mathematical rigor rooted in proven 
theory. The idea of formalism as often applied to software 
engineering will not do here. A "formal specification" is a 


complete description of the meaning of an object. It forms the 
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basis for an abstraction and is ultimately a bridge over 
semantic gap. 

The benefits of formalism in which we are most inter- 
ested ares 


- it provides a firm basis for proving our assertions 
about a specification and its implementation; 


- it encourages a discipline on the part of the designer 
to be rigorously precise; 


- it compels us to find ways of describing things which 
are (implementation) independent. 


2. Representation Independence 

Conventional machines, in contrast to the AM, force 
us, aS programmers, to develop our own abstractions of data. 
At a time when we are most concerned with developing clean 
algorithms the architecture obligates us to worry about status 
registers and word length. Certainly someone must ultimately 
deal with these physical properties of the hardware, but this 
should not fall as an "obligation" upon the programmer. The 
programmer should be free to ignore unnecessary detail. 

Displays are equally difficult. Often the programmer 
is forced to deal with display data at a very low level. In 
order to create his display, it may be necessary for him to 
work at a level of poking bits out the processor port to the 
terminal. By defining data types that include objects which 
represent concepts appropriate to visual display process 
the programmer will be freed to work at a higher conceptual 


level. 
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mue: eno cemmon nature of this problem, with the 
database we find ourselves in a situation not much simpler 
than the one just described. Since a single database is usually 
designed to fulfill only a very specific task, for instance, 
running the passenger reservation system for an airline, first 
of all the logical structure of the database to be created must 
be developed. This can be done using a data structure diagram 
which contains all the required entities including the relation- 
ship among them. But while this step is achievable without 
consideration of the later implementation, we have to give up 
this kind of abstraction in the second phase when the diagram 
1s transformed into a design that conforms to the limitations 
and peculiarities of a given database management system (DBMS). 
The programs themselves which may be created in parallel with 
the development of the logical database structure must apply 
to the standards of the database type chosen, thus putting the 
programmer in a similar situation as for all conventional 
machines. 

We will attempt to minimize the dependence of data upon 
its representation through the use of "abstract data types." 
Our notion of data is very general. It ranges from integers, 
to image and database objects, and to program instructions. 
Data type representation will be hidden and abstract operations 
will be provided in the same way as with traditional abstract 
data types. If these data types can be kept representation 


independent, then portability is aided. 
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3. Intent Expressive Resource Abstraction 

Conventional architectures do not permit us to unam- 
biguously express our intent in a program. Artificial data 
types, combined with typical resource models, force ambiguity 
and the overloading of data structures. Stack frames are a 
good example of this. The semantics of the frame combine tnose 
of an array and those of a stack. Meanwhile, the whole thing 
is implemented in memory, with the data types overlaid on an 
array of fixed length cells. 

We claim that applying methods similar to those used 
to describe abstract data types, we can describe an abstraction 
of the physical resource of a machine which benefits not only 
from the formalism used to specify it, but also permits the 
implementor to clearly interpret the intent of programs written 
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C. METHODOLOGY 

The goal of the research done by Yurchak and Hunter, and 
now of this thesis is to contribute something of practieam 
Significance to the study of software portability by treating 
an area whicn has been largely ignored, the design of a formal 
abstraction for the computing machine itself. We have innumer- 
able high level programming languages, programming environments, 
graphics languages, database macnines (backend processors), 
query languages, file systems, operating system command inter- 


preters, a whole host of different abstractions talleored eon 
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task of providing us with just enough information to do every- 
thing we need to do, and nothing more. So why, then, have we 
failed to develop abstractions for the hardware resources, upon 
which we are so dependent, which are more than just a collection 
of registers, opcodes and some arbitrary rules about how they 
interact. A more difficult but certainly more important task 

than actually defining the abstraction is developing a methodology 
for producing otner resource abstractions. 

Our method has been to take a naive approach towards all 
areas of the design and implementation process not directly 
related to the specification itself. We do this for two 
reasons. First, we can take for granted the large body of 
research in programming languages and computer architecture, 
we are designing neither a language nor a processor, even though 
"ad hoc" examples were required to complete the implementation. 
Second, the research is intended to benefit programmers. Since 
it is unreasonable to expect those who may use this method to 
understand the theory behind the specification, the key to 
understanding the reasons for our design decisions lies in the 
way we coded it. Thus, cleverness has been eschewed in favor 
Er clarity. 

Our task in this thesis, then, is to examine a wide range 
of issues which impinge on the process of designing and imple- 
menting the specification of a database system, and then to 


describe how we went about actually doing it. 


I 
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The formal specification method used to define the Abstract 
Machine (AM) is based on algebraic semantics. This approach 
was chosen because algebras, due to their hierarchical struc- 
ture, enable us to deal with complex problems or to control 
complex situations by decomposing them into simpler subproblems, 
with clearly determined interfaces. 

Clean interfaces, on the other hand, provide a sound basis 
for modifying or combining existing programs, which is our in- 
tention in advancing AM from version 2.0 to version 3.0. EW 
algebraic semantics also contribute to solve the portability 
problem for software systems, since they represent a high level 
of abstraction which is the only promising means to narrowing 
the semantic gap. 

Abstraction allows us to deal with concepts apart from 
particular instances of those concepts and to concentrate on 
the essentials only. Abstract data types are the fundamental 
elements a formal specification is built upon. Guttag [Ref. 5] 
states that to describe an abstract data type precisely, its 
Specification must comprise both the syntax and the semantics. 

According to Guttag, a formal specification should meet 
the following criteria, which were taken from Hunter. | Reca 


If Tt as to be useful 
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- it must be restrictive enough to ensure that nothing 
unacceptable to the specifier will meet the require- 
ments imposed by the specification; 


- it must be sufficiently general to ensure that few, if 
any, acceptable entries are precluded; 


- it must be understandable, so people can work with 
iE, 


From [Ref. 2], we note that to achieve true portability, we 
must be able to demonstrate the following properties in our 
implementation: 


- the specified semantics actually implemented on the 
source machine are completely unambiguous; 


- the implementation on the source machine is "correct." 
Thus, our method of specifying must be formal enough to permit 
proofs of correctness. Exhaustive testing, however, especially 
when dealing with complex specifications, is usually not 
feasible and so the only true statement we can make is that 
our specification is correct at least with regard to those 
tests actually performed. 

Algebraic specifications meet the above criteria for achiev- 
ing true portability. Here we find a significant body of re- 
search already in place in the area of abstract data type 
specification. Goguen [Ref. 6] and Guttag [Ref. 5] treat this 
topic in great detail. We will not so here.: Instead we give 
an overview of the important concepts of abstract data types, 
and direct the reader to the original works for more in-depth 
Study of the underlying thoery. Davis [Ref. 7] provides the 


theoretical basis for the resource specification method. 
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Davis [Ref. 1] also provides additional background but with 


an emphasis on practical issues. 


A. ABSTRACT DATA TYPES 

The underlying principle that gives mathematics the power- 
ful tool for generalization is its intention to specify the 
fundamental nature of a system by stating only a few basic 
properties. In order to describe an entire system by means 
of a small number of its characteristics it is necessary to 
find out what exactly these characteristics are and how to state 
them in terms that define all the systems of this particular 
category. This can be achieved effectively by applying the 
technique of data abstraction, which is a synonym for the term 
"abstract data type." 

In general, abstract data types refer to the fact that 
permissible operations on the data ojects are emphasized, 
while details about the representation of the data objects 
are suppressed. Because data abstraction focuses mainly on 
functional properties but ignores unimportant things like 
representation details, only some of the many possible func- 
tional properties have usually to be specified. This allows 
us to define even complex systems by means of abstract data 
types, or in other words, via certain sets of data values to- 
gether with the corresponding sets of primitive operations sea 
those values. 

The properties of abstract data types again are specified 


by algebraic axioms which define all mathematical systems and 
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provide the basis for deriving additional properties that are 
implied by the axioms. This will be discussed in more detail 
later in this chapter. 

The stack, queue, or list serve as typical examples to 
demonstrate how data abstraction works; all of them can be 
characterized by simply defining the essential operations that 
may be performed on each individual system. For example, a 
list could be characterized by operations such as NIL that 
creates an empty list, FIRST that returns the first member of 
the list, PREFIX that adds a new member to the front of the 
list, and NULL that tests for an empty list. Using this ap- 
proach the programmer need not care about how the list and 
its manipulating functions are actually implemented, which 
allows him to concentrate on his programming job. And this 
principle definition of the list can be used for all systems 
of type "list" because the description has been kept very general 
by means of abstraction. | 

Besides providing us with a very important mechanism for 
writing well-structured programs, abstract data types make 
program modifications easy. As long as the interfaces of the 
manipulating functions remain unchanged, internal details may 
be modified without affecting other program components in an 
unwanted way. 

Thus, in applying the methodology of data abstraction we 
are forced to clearly specify our intentions, which in many 


Situations is the stimulus to think intensively about what a 
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system really is or does, and then to describe the result in 
an unambiguous manner. Due to its clear style and high level 
of abstraction, the so-defined system not only is independent 


of its originator, but is also easier to understand. 


Bef STRUCTURES 

So far we have discussed how to use the mechanism of abstrac- 
tion in order to handle complex systems but we're primarily 
concerned with the consideration of the permissible operations 
on those systems, like the PREFIX operation for lists. In this 
paragraph we will now examine the more systematic definition of 
structures. Clocksin [Ref. 8] defines a structure as a single 
object that consists of a collection of other objects, called 
components. The components are grouped together to a single 
structure for convenience in handling them. Thus, a structure 
can be characterized by the kind of its components and the way 
they are arranged. Structures are helpful.in organizing data 
Since they allow a group of related information to be considered 
aS a Single object instead of different ones. The decomposition 
of data into individual components depends solely on the pur- 
pose which is to be achieved in solving the particular prob- 
lem; so it is up to the programmer to create the structumes seme 
contribute most in reaching his intended goal. 

To return to our former example, the list, which is aW Wm 
ture itself, what exactly are the kinds of components anc (EE 


allowable arrangements? For the list as an ordered sequence of 
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elements the order of the elements in the sequence matters, or 
as stated in MacLennan [Ref. 9], the allowable arrangements are 
finite linear orderings. The components of a list may be any 
terms, including constants, variables, booleans, and lists 
themselves. Due to these properties lists can represent prac- 
tically any kind of structure that might be convenient for 
symbolic computation. 

So, for example, if one would like to describe a thing on 
the basis of certain attributes corresponding to it, the enumer- 
ation of these attributes could be considered as creating a 
list by which this thing can be defined: 
attribute 


thing: attribute .. attribute, 


d 2 
Bringing the attributes, or components of the list, then into 

a particular oder and specifying the values they may take, enables 
us to create classes of related lists. This can be very useful 


in grouping things of the same type together, as it is the case 


in all database systems: 


class: 

] : «ai | ] P | 2 
thing, attribute,,, attribute, ,, attribute), 
thing,: <attribute,y + attribute,» ++. attribute, > 
ung Ww sttrrbpute *", atEribute_ ,.,... ,attribute__> 
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This simple example will be discussed in much more detail in 
the following chapters. 

In the previous paragraph we have already determined the 
primitive operations performed on lists. There are three 


classes of operations on structures in general: 
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= constructors which allow us. te baill o SE Cone a 
accordance with its predefined characteristics (like 
PREFIX fór lists), 


- selectors which allow us to obtain a component from 
the structure (like FIRST); 


- predicates which allow us to determine the arrangement 
of the components in a given structure and return a 
boolean value (like NIL). 

Depending on the kind of structure one wishes to describe, 
there is a certain number of operations required; for lists 
it turns out that just six operations (two for each conse. 
tor, selector, and predicate) are sufficient, while, for 
example, the description of a stack would require only five 


operations (NEW and PUSH as constructors, POP and TOP as 


selectors, EMPTY as predicate): 


STACK CONSTRUCTORS SELECTORS PREDICATES 
empty NEW = EMPTY 
nonempty PUSH POR = 
TOL 


But apart from the number of actual operations which is varia- 
ble, the three fundamental classes of operations remain un- 
changed for any structure. And there is one more point that 
Should be mentioned: Selectors and constructors invert each 


Other in some cases. For example, for the stack we have 


POP (PUSH (stack, X) ) = stack 


which means that pushing an item X onto a stack and immediately 


popping it off again leaves the stack unchanged. The same 
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would be true for 
PUSH (POP (stack) ,Y) = stack 


if the same item Y just popped off the stack was immediately 
pushed back onto the stack again. 

But as fine as the inversion of selectors and constructors 
works for stacks (unrestricted in the case of POP(PUSH)) or 
for lists, it would not work for queues because items are then 
added to the rear end while always removed from the front. 
Keeping these correlations in mind makes it easier to develop 


our algebraic specification later. 


EL OALGEBRAIC SPECIFICATIONS 

Specifications are particular and detailed descriptions of 
things; they contain essential information about the dimensions 
and peculiarities of the described objects. They furthermore 
ES nt a convenient way to describe the generally infinite 
objects of initial algebras in finite terms if we want to build 
our abstract data types on an algebraic basis. 

Such a specification is also known as "operator signature" 
and consists of two major components: 

- the syntax whose purpose is to define the constants and 
operations as well as the axioms as intermediate step 


in developing the semantics. 


- the semantics of the data type as part of the realization 
which is mostly of concern for the implementation. 


In mathematical notation a specification can be seen as a 


triple <S,2,£> where X is a S-sorted signature (this means, it 
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is based on the operands of sort S) and € is a set of Xem 
tions. Here <S,2,€> specifiês an abstract data type by defin- 
ing T» < which represents an isomorphism class of t-algebras. 
An algebraic specification represents something between our 
intuitive sense of what we want and the actual computer code. 
This characteristic feature facilitates the translation of our 
ideas into working programs and narrows the scope of possible 
interpretation by the application programmer. It also allows 
us to augment an existing data type by introducing so-called 
derived operators without the need for rewriting the initial 
Operations, or to extend existing specifications to make their 
data types available to others, thus avoiding unnecessary 
redundancy. 
IAS) MECO S 

The definition of an abstract data type itself should 
tell us all we need to know for using it effectively. But 
ist AN how can we be sure that we have selected the 
correct level of abstraction to begin with? MacLennan [Ref. 
9] states that there is in fact no formula for calculating 
such a correct level, it rather depends on our individual view 
of the world and our needs at the moment. The chosen approach 
Should, however, guarantee that it really models our abstrac- 
tion of the part of the worlds y e jus pro cs pa, 

So, in order to start we list the constants and the 
primitive operations on the data types to be defined and, in 


doing so, we create the legal ways in which expressions in- 


volving these data types can be constructed. 
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For each primitive operation it is necessary to explicitly 
state the 
- name of the operation; 
- type(s) of its argument(s); 
- type of value returned; 
thereby setting the domain of the arguments and value for 


each operation: 
operation: (argumenttype, argumenttype.,... argumenttype_) > valuetype; 


As an example, the syntax for integer addition could be written 


in the following way: 
add(integer,integer) > integer; 


The syntax chart for the general case which is a modification 
of the charts usually found in the ADA programming language is 


shown in Figure II.l. 
p loperation|-- o == "o | argunent| == O) -— E) -->| value | 


EE Chart 


In short, the purpose of specifying the syntax of an abstract 
data type is to define 
1) the legal forms of expressions, and 


2) the way in which the constants and operators can be 
combined into expressions. 


29 


Generally, it seems to be wise to build specifications mea 
bottom-up way, which means starting with the most primitive 
type of data and then proceeding in gradually reaching a higher | 
level of abstraction on the basis of the more elementary types 
while hiding the details of the lower levels. 

But in spite of this approach, each data type hasto 
be considered independently of its later implementation and 
must be treated at any given level as if it were itself a 
primitive one which, on the other hand, could lead to =a 
redundancy. 

2. Axiom Part 

Having defined the legal (or well-formed) expressions 
and the types of values they return in a rather symbolic way, 
we next consider the meaning of those primitive operations, 
this means, answering the question of what values they» im fact 
compute when given legal inputs. This is done in the axiom or 
property part of the specification wnich therefore can be re- 
garded as a refinement of the preceding syntax definition. 

Semantics, in general, deal with the actual realization 
of our formal terms; here we are, in accordance with our inten- 
tion to use an abstract terminology as far as possible, not yet 
interested in any programming language that could do the job, 
but prefer to give a set of mathematical equations, or axioms, 
which define the meaning of the operations in a way entirely 
independent of the final implementation. This approach of 
applying mathematical techniques eases the reasoning about 


well-formed expressions. 
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Trying to mathematically specify the axioms we face 
the’ problem of what it is that has to be specified and to 
what extent. As for determining the correct level of abstrac- 
Ito start with, theré is no definite solution to this 
problem. Basically, we want a set of equations which defines 
the properties of all well-formed expressions. It is mainly 
up to the creator of the specification to decide what kind of 
meaningful interactions between the operators should be included, 
as long as these equations are complete and define the result 
of a function for all legal inputs. 

For example, the properties for the operation ‘integer 


ENuurtron/subtraction' 


+,- : (integer,integer) --> integer; 


could be described as follows: 


atb = bta; /*commutative*/ 
at(brc) - (atb) +c; /*associative*/ 
a+0 = a; 

a+(-a) = 0; 


apa (=D 


The final step then would be to find the minimum complete set 

of equations, which means listing only those equations abso- 
lutely necessary to define the properties of the primitive 
Operations, including implicit statements. But since it is 
sometimes more convenient to directly state equations which, 
thinking strictly mathematically, are already contained in other 
statements, it is legitimate to introduce them as so-called 


derived operators. 
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An example of such a derived operator is the boolean 


function IMPLIES: 
IMPLIES (X,Y) = OR(NOT X,Y); 


which is equivalent to the combination of two simpler functions 
containing NOT and OR. By this means we can add new operations 
and their defining equations to a data type, whenever it is 
useful within the specification. 

3. Problems with Algebraic Specifications 

From the preceding paragraphs it should become clear 
that there is no other way in creating a database for the Ab- 
Stract Machine except of defining a formal specification first. 
This gives us the tool to concisely describe our intentions in 
an unambiguous and rigorous manner. But it also forces us to 
view the overall problem of what a database actually represents 
in a strictly mathematical way. This means, we first must 
determine the primitive names that form the syntactic realm and 
describe all legal operators. We then must specify the corres- 
ponding universe of discourse, which contains our primis 
objects, and the functions that map each name from the syntac- 
tic domain to its counterpart in the semantic domain. 

Although this approach often does not harmonize with 
our intuition, since the human mind tends to be more liberal 
than rigorous, it has the distinct advantage of providing us 
with a clear structure which is easier to understand and where 
each defined operation can be proved correct. We consider 


this basic type as the mathematical part of the specification. 
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This method furthermore has the advantage that, given 
the operation presently performed and the current state of the 
machine which corresponds, as Fairley [Ref. 10] states, with 
". . . the information required to summarize the status of 
system entities at any particular point in time, . . . the 
next state can be determined." 

During the research phase for this thesis, however, it 
became obvious that it often is very difficult to translate 
relatively simple models of the real world into terms of alge- 
braic expressions. Besides avoiding unwanted inconsistencies 
the problem centered on the formal requirements for being precise 
and for specifying the fundamental parts of our database, 
wherever possible, by stating only the absolutely indispensible 
basic properties of the system from which all other operations 
can be derived. 

Thus, in the beginning of our work the syntactic speci- 
fication of the stack operations was studied. But due to its 
Exon first-out property which is not very helpful for data- 
base operations, the stack did not provide the paradigm with 
which to continue. As a more suitable example that manifested 
the difficulties in writing an algebraic specification the 
first-in first-out property of queues was then examined. The 
specification shown in Figure II.2 is built upon an example 
given by Fairley [Ref. 10]. In this example (Figure II.2), 
CREATE and WRITE are serving as constructors that build up or 


fill the queue. EMPTY and READFRONT describe its behavior. 


3 


y ln 


Operation Domain Range 

CREATE ( ) --> queue 

WRITE (queue, value) --> queue 

READFRONT (queue) --> value 

DELETE (queue) --> queue 

EMPTY (queue) --> boolean 
Axioms: 

EMPTY(CREATE) - true 

EMPTY(WRITE(gueue,value)) - false 

READFRONT(CREATE) - error 

DELETE(CREATE) - error ; 


DELETE(WRITE(queue,value)) - 


if EMPTY(queue) then CREAT] 
else 


WRITE (DELETE (queue) , value) 


READFRONT (WRITE (queue,value)) = else 


if EMPTY (queue) then value 
READFRONT (queue) 


Figure II.2. A Simple Specification for the Queue 


DELETE acts as a modifier to the queue. While READFRONT always 
returns a copy of the value sitting in the front position, the 
operation DELETE actually removes this value from the queue, 
thereby changing the state of the system. 

The problem encountered here is that we are not able to 
clearly define all of the axioms but instead are forced to make 
some concessions in accordance with the prevailing state of 
the queue. This is caused by the fact that the value presently 


read from the queue is not necessarily the one entered last 


(compare Figure II.3). 


Si 
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Figure II.3. The Queue Principle 


To remain consistent it is therefore necessary to introduce the 
conditional "if-else" statement for a part of the axioms which, 
on the other hand, takes away some of the simplicity. Compared 
with the stack operations where it is sufficient to increase 

Or decrease a counting device by a number of l with each item 
added to or subtracted from the stack, the queue operations 
require a more sophisticated mechanism to keep track of every 
single item in the queue, if one really wants to be precise. 
This precision could be achieved by indexing the items when 
inserted into the queue. The syntax for these operations is 


easily defined, as shown in in Figure II.4. 


Syntax: 
Operation Domain Range 
CREATE ( ) --» queue 
WRITE (queue, value.) --» queue 
READFRONT (queue) ==> value. 
DELETE (queue) E --» queue 
EMPTY (queue) --> boolean 


Figure II.4. Syntax Part for an Index Queue 
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But since we have introduced the index values "value." and 
"value, , we now must describe their particular properties in 
the axiom part. This obviously is a complicated method ideas 
cribing the relatively simple arrangement of a queue in terms 
of an algebraic specification, and also proves to be a rather 
difficult effort. But to our knowledge, there is no really 
elegant solution to this problem available at the present time. 

The previously mentioned indexing methodology can only 
be simplified by reducing the queue to its basic operations in 
a similar way as done with the abstract specifications for the 
natural numbers or integers. Here, for example, the number 1 
is expressed by the paraphrase "succnat(zeronat() )," and each 
succeeding number can be described by adding just another 
"succnat" in front of this fundamental expression. Applying 
this technique to the queue problem allows us to keep track of 
every single value written to the queue and read or deleted 
from It, 

So instead of introducing the extra indexing operation, 
we could integrate the state of the queue ('quaddr') and modify 
the specification as demonstrated in Figure II.5. On the 
basis of these few axioms it becomes possible to describe each 


state of the queue by an appropriate combination of the given 





Operations. The following is an example of this: 
READFRONT (WRITE (WRITE (INITIALIZE) vil, v2) P K /*v:valu€cj 
READFRONT (DELETE (WRITE (WRITE (INITIALIZE() YNN. — 
READFRONT(DELETE (WRITE (INTTIALIZE (1.11) = smear. 
( 


READFRONT (WRITE (DELETE (WRITE (INTITALIZE O ANNA v2; 
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C ax: 


Operation Domain Range 
INTTIALIZE (qaddr,state) mc state 
READFRONT (qaddr,state) a Lue 
WRITE (value,qaddr,state) --> state 
DELETE (qaddr,state) --> state 
Axioms: 
READFRONT (qaddr, INITIALIZE (qaddr,state)) = undef; 
READFRONT (qaddr,WRITE (value,qaddr, INITIALIZE (qaddr,state) ) ) 
= value; 
DELETE (qaddr, INITIALIZE (qaddr,state)) = undef; 
CETE gaddar WRITE (value, qaddr,INITIALIZE())) = INITIALIZE() ; 


DELETE (qaddr,WRITE(value,gaddr,state)) = 
WRITE (value,qaddr,DELETE (gaddr, state) ); 
meenot (INITIALIZE () ) 
then READFRONT (qaddr,WRITE(value,qaddr,state)) = 
READFRONT (qaddr,state); 


endir; 


Mnr eS A Specification for the Queue Including 
the State f 


From these examples, where we omitted the arguments "qaddr" and 
"state" in favor of clearness, the importance of placing the 
parentheses into the correct locations becomes obvious. The 
previously defined operations are illustrated in Figure II.6. 

A value different from the one residing in the front position 
can only be read from the queue after the front value has been 


deleted, so a 


ENADBERONT(READERONT(IWRITE (INITIALIZE(),vV))) 


o 


in (WRITE) m queue out (DELHWE: 


operation INITIALIZE 


o s > | yaun] zm kaum 


momentary state 





val (nrl) SE DELETE 
— ML > | ven | val(3) val(2)|-----g Ra 
a ii © [erase val(1)] 
change of Stave 
Figure 11.6. Illustration of Queue Operations 


would return two times the value "v", which is simip au Ku Kuas 
corresponding TOP operation for the stack. Although by this 
method some of the axioms and the "if-then-else" statements 
could be eliminated and furthermore, the requirements for an 
abstract specification can be satisfied, it does not seem to 
be an elegant solution to the queue problem either. The reason 
for integrating this deviation into our research work was to 
give the reader a better understanding of the problems that 
had to be managed in writing a formal specification stom. 
database, which is not as simple as the queue. 
4. Error Handling 
A major aspect in creating a specification is how to 


deal with the situation should the user manipulate the defined 
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Operations in a way that would result in an error. Because it 
is part of the human nature to fail once in a while, vital 
systems tend to be equipped with exception handling mechanisms 
which prevent the overall system from breaking down and becoming 
worthless, should a predefined type of error occur. This is 
also known as fault tolerance or lenience, and represents the 


t 


opposite to the more mathematically sound term "strict," where 
a function becomes undefined whenever one or more of its argu- 
ments are undefined. 

Error detection always causes a great deal of problems, 
and once having been successful it is a rather philosophical 
question of how to proceed, as long as a collapse of the entire 
system can be avoided and we get the information that a certain 
error has occurred. In general, every attempt to handle this 


problem should be based on the understanding that 


- any operation which encounters an error is computationally 
meaningless; 


- if an operation encounters an error, then any subsequent 
operation which utilizes the erroneous result must also 
ae cUrn an error; 

- errors must not be hidden, but must be known to the user. 
These statements were directly taken from Hunter [Ref. 3], since 
he considerably modified the error handling routines for the 
Abstract Machine (version 2.0), which will be discussed later 
m this section. 


One interesting but mathematically not indisputable 


approach was introduced by Guttag [Ref. 5] with the term 
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"undefined" for equations whose values were not determinable, 
for example, when attempting to read an item from the empty 


stack 
READ (CREATE) = UNDEFINED. 


But since the operation READ can only return a value from the 
stack, we either have to treat UNDEFINED itself as a value or 
READ as an only partially defined function. 
In the meantime, this problem was solved by Davis [Ref. 

1]; his method has been applied to the AM specification and 
will be described below. 

| Another approach that was used by Yurchak [Ref. 2] for 
the initial AM (version 1.0) is to modify the specification and 
include an error message. However, it soon became obvious, that 
in adding such an error message to the specification, care has 
to be taken of all the possible combinations the newly created 
error message could be involved in. This is inaccordance with 
the above listed understanding that, if we get an error, any 
Operation on it yields an error, too. But it also means that 
the number of additionally needed error axioms quickly leads 
to an extent which is no longer reasonable. 


To get an idea what dimensions we easily reach in order 





to remain consistent, we only have to consider the part of 


the specification for natural numbers that deals with the specialjg 


error axioms: 
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PREDNAT (ZERONAT() ) = NATERROR; 
) 


PREDNAT (NATERROR — NATERROR; 
SUCCNAT (NATERROR) = NATERROR: 
SUMNAT (N, NATERROR) = NATERROR; 
SUMNAT (NATERROR,N) = NATERROR; 
SUMNAT(SUCCNAT(M),NATERROR) = NATERROR; 
SUBNAT (N, NATERROR) = NATERROR; 
SUBNAT (NATERROR,N) DU ERSBOR; 
MLTNAT (NATERROR, X) NER OE; 


° 


where NATERROR would have to be specified as the extra operator 
class 

ERROR 

OP 

NAPE R ROR ==> NAT. 
Although these error axioms would reduce any term containing an 
error to the error message of the appropriate sort, thus 
eliminating unwanted elements of the carrier of sort NAT in 
the above example, it is obviously not practical to follow this 
approach. We therefore succeed with the concept of "undefined" 
as introduced by Davis [Ref. 1] and described by Hunter [Ref. 
3], since this method allows us to keep the number of additional 
axioms manageably low. 

The underlying principle is just a different way of 
viewing the mapping of elements from a given domain to their 
images using a certain function. For example, if we let f be 
a function from A to B and let A' be a subset of the domain A, 
then f(A') denotes a subset of B, the image of A' under f. We 


now consider A' as the domain of our constants and operations 


4] 


defined in the syntax part of the Specification. Pur Cne ane 
we are interested only in the corresponding values they are 
mapped to by the function f (see Figure II.7), while ignoring 
all the undefined operations in the set A-A', or in other words, 
the attempt of mapping an element from the undefined set re- 


sults in an undefined value: 


undefined 





partially 


defined 
za 


È I 
defined 


Figure II.7. The Problem with Undefined Operations 


"Undefined" has the following properties: 
- undef is used to describe the illegal operations; 
= if t = undef then A(X] (RA E Xp) = undef; 
an expression; 
- any equation containing undef is equivalent to undan 
- ina realization, if undef is encountered, the processing 


nalts immediately and an appropriate error message is 


| 
| 
| 
where "A" is any operator in the specification, and UXQ^ is 
given. 


42 


So, instead of listing every single possible NATERROR, all we 


Mave to do is add the axiom 


PREDNAT (ZERONAT() ) = undef; 


to our specification of the natural numbers, which served only 
as an example for the general case, thereby solving the "prede- 
cessor of zero" problem without the introduction of a special 
error operator. The effect 1S to restrict the range of free 
variables that apply to an axiom. This becomes clearer if we 
look at the following construction, where we substitute 


ZERONAT() for the free variable n: 


SUOCUAT(RPREDNAT(n)) =n; /*axiom to start with*/ 
now replace n by ZERONAT() 

SUCCNAT(PREDNAT (ZERONAT() 9) = ZERONAT (); 

SUCCNAT(undef) - ZERONAT(); 


undef = ZERONAT(); 


The evaluation of this axiom shows that substituting ZERONAT() 
for n leads to an undefined result, which is quite correct, 
but returns the appropriate value for all free variables 
otherwise. 

Thus, PREDNAT(n) does not exactly belong to the set of 
constants and operations defined in A' because for some cases, 
or precisely when n is replaced by ZERONAT(), the value it maps 
to becomes undefined. We therefore say PREDNAT(n) is only 
partially defined and must be seen, similar to the POP operation 
For stacks as a member of the overlapping set of partially 


defined operations (Figure II.7). 
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Analogously, we receive a similar result for all those 
specified data types where a faulty user action may turn out 
as something undefined, like trying to read a value from the 
empty stack or queue. And Since this method has already been 
applied to the Abstract Machine (AM) by Hunter, this is one 


more reason to Contine vith ite 
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MU — AO O THE, INTE RPACE 


Data that is stored more or less permanently to be manipu- 
lated by a computer resource represents in some way a simple 
database, where the software which uses or modifies these data 
is known as the database management system (DBMS). The differ- 
ence that makes a database superior to file processing systems 
which can be considered as predecessors of the database and 
will be widely replaced by this newer technology, is their 
capability to provide via the DBMS more information from a 
given amount of data. The DBMS itselfis a complex and usually 
large program that acts as a data librarian. If we follow the 
approach presented by Bjorner [Ref. ll], we can view the DBMS 
as the realization of a certain database model; this then 
allows us to divide the further treatment into the two parts 
abstraction and realization, which correspond to the database 


model and the database management system. 


A. BASIC DESIGN PRINCIPLES 

In this part of our work we are not yet concerned about the 
realization but rather concentrate on the problem of how to 
formulate a useful abstraction of the database resource. As 
seen, the desired state of abstraction can be reached by ex- 


tracting the fundamental properties of the object of concern 


on a level which suits our intentions best. A way to do this 
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is to look briefly at the design methodology described by Booch 
(ref. 12] that works for the general case. 
l. Definition of the Problem 
To get started and to make the overall framework of a 
database more understandable, models are helpful tools because 
they enable us to express relatively complex things in a simpler 
and more evident way. A tree is often used to represent the 
data structure and the relationship between different members 
of the database. One of the typical requirements for a data- 
base system is to find a certain property among stored objects. 
For example, an object with the properties A,B,C,D 
could be described by a simple tree (Figure III.1), where the 
object is represented by the root and the properties by the 


leaves of the tree. 


o o 
A B e D 
Figure III.l. Tree Representation of an Object 


In combining different objects we can create-very complicated 
trees (also called a hierarchy) which represent the rela 
Ship in a clear way that otherwise would be difficult to des- 


cribe. Our goal now is to develop a system that checks the 
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leaves of the tree for a given condition which could be con- 
Sidered as a step towards the often applied function of search- 
ing for a particular object in a database. 

A“ C Informal Strategy 

While still ignoring the question whether such a tree 

will actually be represented as a sequential, linked, or in- 
verted list in order to see if a certain condition is satisfied 
by any of the objects, we can apply the following informal 


strategy: 
Find all stored members that satisfy condition B. 


Figure III.2 gives an example how this informal strategy may 
be used. Thus, having shown how the informal method works, 
the next step is to find a way of formally expressing this 
strategy. 
3. Formalization of the Strategy 

First we need to identify the objects and their proper- 
ties. To do this we look one more time at the informal part: 
Find all stored members that satisfy condition B. It is one 
of the advantages of the English language that an object is 
always represented by a noun, while adjectives describe the 
properties of an object. In our simple example this gives us 
right away 'member' as the object and 'condition B' as the 
required property. Next we have to identify the operation 
performed on the object which is not difficult either since 
action is described by verbs. In the discussed example, 'find' 


is the one looked for. Given the objects, properties, and the 
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An Informal Strategy to Attack the 
Design Problem 


operations we may perform on them, we now can describe the 
sequence of single steps necessary to 'Find all stored members 
that satisfy condition B' by the relational diagram shown in 
eure 111.3. 

Given this design, we could continue and specify the 
interfaceof each box presented in Figure III.3. To complete 
the formalization part this would, indeed, be necessary. But 
we then would also find ourselves right in the middle of the 
implementation which is not what we want at this time. We 
therefore stop here short of coming up with a real formaliza- 
tion. The general idea about the possibilities to start 


abstracting the resource however should be a little more obvious 


Dy now. 
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if empty 
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Figure III.3. Relational Diagram of the Formalized Strategy 


49 


B. BASIC DATABASE PRINCIPLES 

Before we can start specifying the database resource we 
need some understanding of the fundamental principles every 
database, in general, is built upon. Although over the recent 
years there were various approaches in this area to make data- 
base work more efficiently, such as the introduction of the 
database machine (also known as 'backend'), or the continuing 
research on the multi-backend database headed by Professor Hsiao 
at the Naval Postgraduate School, we consider our database as 
an integrated part of the abstract machine built by extending 
the present AM. So, in order to formulate a useful abstraction 
we have to keep it simple and therefore, are interested only 
in the conventional, single user type of database. 

A database is in fact nothing more than an elegant combina- 
tion of several file processing systems under the control of 


the DBMS (Figure III.4). 


A e 


file 
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Figure III.4a. Traditional File Processing Approach 
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Figure III.4b. Database Processing Approach 


For a general view of a database structure we refer to the 
architectural description presented by Deen [Ref. 13]. It 
is always a major question how to define and treat data that 
has to be processed by a machine. In the case of a database 
there are as many as five distinct levels data can be viewed 
from, namely, in a bottom-up fashion, the 

- physical level 

- storage level 

= global level 

- local level 

- user level 
The meaning of these levels (Figure III.5) is easier to under- 
stand if we start with the global level which represents the 
center part. This level refers to the overall logical descrip- 
tion of the entire database without considering its storage 


representation. It shows the logical relationship among the 
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Figure III.5. Architecture of a Database: The Five 
Levels for Viewing Data 


objects of the database and gives the conceptual view of the 
System. 

The local level provides us with a subset of the database 
described at the global level. It was introduced with the 
intention to save the application programmer the inconvenience 
of invoking the whole global scheme while he usually is only 
interested in a few specific data items, since his need is 
local and his view is partial. So a subset is the application 


programmer's view of the database. It is a logical description 


a 





Samet hespart in which he is icone s ced, and therefore represents 
the external view of the system. 

How the data should be organized for storage in the physi- 
cal device 1S specified at the storage level which consists of 
entries for overflows, physical block sizes, and data placement 
techniques. Access paths can also be specified here. 

Whereas global and local level are logical descriptions, the 
physical level is the physical database itself. The database 
is stored on physical devices in conformity with the specifica- 
tion of the particular method applied at the storage level, 
where the purpose of this method is to optimize the overall 
performance of the database whose logical description is given 
at the global level. The fifth level is the view of the data- 
base as seen by the end user from a remote terminal using a 
special, high level query language. 

Since the view of data at the user level as well as the 
physical level are not of particular interest for our research, 
we shall exclude it from subsequent discussions, concentrating 
only on the application program, the storage, and the concep- 
tual (global) and external (local) view. The application pro- 
gram is stored permanently and is always available to the user. 
It is usually written once, or maybe a few times, should the 
database description be changed, and can be invoked by special 
commands. To manipulate data in the database by the applica- 
tion program a sublanguage, the so-called query or data manipu- 


lation language (DML) is needed, one for each host language. 


mug 


The DML acts as an interface language with the database which 
enables the application programmer to "navigate" through the 
database with a search strategy defined by the logical rela- 
tionships of his data at the local level. An application 
program containing DML statements has to be compiled either by 
an extended host language compiler or by a special DML proces- 
sor followed by a host language compiler. 

In contrast to a typical compiler however, this device, the 
first of three major software pieces, also known as query 
processor, does not generate machine language but rather a 
sequence of commands that are passed to other parts of the 
database management system. The query processor needs to know 
about the structure of the database, so it can interpret special 
terms in the context of the particular system. This information 
about the database may already be built into the query processor 
itself. 

The output of the query processor is fed into the database 


manager (Figure 111.6), where it is translated into terms the 


third software component in our simplified database blockdiagram, 


the file manager, can understand, which means, into operations 
on files rather than on the more abstract data structures of 
the database description (global level). The file manager may 
be the general purpose file system provided by the underlying 
Operating system (OS), or it may be a specialized file system 
that knows about the particular way in which the data is stored 


In the databases 
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Figure III.6. Simplified Block Diagram of a 
Database System 


The overall software that permits the use or modification 
of the data stored is a DBMS which basically covers all the 
software components we are mostly interested in. So this is 
the point in the system where the abstract database resource 


comes in. 
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C. THE ABSTRACT DATABASE RESOURCE 

The AM database resource replaces two of the items shown 
in Figure III.6, namely the, database manager and the fils 
manager. Figure III.7a shows the block diagram for a database 
system using AM, while Figure III.7b presents a general view 


of the AM arrangement within the database system operation. 
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Figure III.7a. Block Diagram Of Database on 
AM Resource 
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Figure III.7b. Conventional Database System Operation 


(Compare Hsiao [Ref. 14]) 


So AM takes over right at the boundary where the system changes 
from working on a more abstract basis to an operation depending 
on the particular machine applied. Since AM does not include 
the query processor, it can not be considered as a complete 
replacement of the DBMS but instead covers only about two- 
thirds of the functions carried out by the DBMS before (Figure 
TII.7b). We further recognize that we did not mention another 
specialized language, the data definition language (DDL), 

which in conventional systems serves as the tool to describe 
the entire database once the conceptual scheme is specified. 
However, to keep it as simple and clear as possible we do not 
want to introduce one more high level language, and therefore 
prefer to let this job be done by a special application pro- 
gram, using the query processor as mediator. Since installing 


the database is a one time matter this restriction seems feasible. 
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AM's database primitives are more low level and cover less 
aspects than, for example, the CODASYL model. But they cm 
tain all the fundamental features for creating the database, 
for updating a given value, for inserting new elements into 
the database, and for retrieving special data. These operations 
are considered appropriate for this abstract level, and will be 
discussed in a later chapter. 

In a similar way as for the conventional model, the database 
manager as the AM interface, which in fact is just a collection 
of routines, receives as its input the processed guery primi- 
tives in a still machine independent form. This, however, is 
the only kind of input the database manager accepts because, 
since the former DDL entries are now handled by a special 
application program, there is no need for the manager to have 
a second input line. It further should be noticed that the 
security aspect, which means permitting access to certain infor- 
mation stored in the database to authorized persons only, as a 
task freguently carried out by the manager, has not been taken 
into account. This step can be justified with the definition 
of our database as a single user system. Thus, the general idea 
is to model the database resource 'on top' of the existing AM 
(version 2.0) by abandoning all of the usually required ius 
level languages like DML and DDL, in order to level) the eee 


sources with the AM operations, which is the major step for 


Conference on Data Systems Languages. 


eliminating the semantic gap. But in contrast to the display 
resource defined by Hunter, AM is not entirely able to oper- 
ate on the machine independent parts created by a conventional 
database system,as long as a separate DDL input is involved. 
When dealing with the physical resource the question to be 

asked first is what purpose it is supposed to fulfill. From 
the programmer's point of view the database should enable him 
INS Z 

- create objects, characterized by particular properties; 

- connect the objects in a logical way to a file; 


- store the objects without consideration of the physical 
storage method; 


- operate on any of the stored objects in an uncomplicated 
manner. 


In addition to the standard file system where the basic 
Operations ‘open’, 'close', 'read', and ‘write’ will do, a 
database must also permit operations for retrieving a distinct 
object from the storage, modifying it or checking if a particu- 
lar object is stored at all. The details will be described in 
the next chapter, but in general, the database represents the 
State of all the data stored as files and can be considered as 
“sust another" resource for AM. 

As mentioned before, the programmer has to start his work 
with the creation of the logical concept tailored for the very 
Special kind of database he intends to build. By this logical 
design, or model, he copies that certain portion of the real 


Peele which describes his view of selected activities best. 
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But aS with every model, its capacity is limited, not all 
aspects can be covered. Thus, a careful selection of those 
portions which allow the reguired logical operations is neces- 
sary. The tool for compressing the parts of the real world in 
such a way that they can be stored within the database is the 
technigue of Aggregation by forming a concept via abstracting 
a relationship between other concepts, called components, and 
Generalization by forming a concept via abstracting a class of 
other concepts, called categories. These techniques will be 
discussed in the next chapter. 

Due to the compression however, some questions now become 
unanswerable. It is the task of the database designer to make 
Sure that those questions which can no longer be answered are 
of the kind that never will be asked. 

The standard primitives in the real world are the objects 
and certain properties, where objects as already stated, can 
be represented by nouns while properties can be considered 
as adjectives that characterize the objects. We will stick to 
this notation concerning the primitives throughout this paper 
because their meaning is more evident and they represent the 
most abstract level. This is one of the major differences to 
a conventional database where widely a different terminology 
is used. The reason for this is that in a database we actually 
can not work with the real world primitives since a model is 
not the real world itself. But instead we are working with 


representations of these primitives. So whenver a transaction 
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from the real world into the conceptual world takes place, the 
notation is changed to indicate this step. In a conventional 
design the objects are represented by the so-called entities, 
which are, in contrast to their physical implementation, still 
unrestricted by the constraints of the computer. Properties, 
in a Similar way, are represented by so-called attributes which 
serve as a description for the entities and, while properties 
are characteristics of an object, attributes are representations 
of those characteristics. Thus, attributes are the character- 
istics of the data types (objects) themselves and, in fact, 
every entity has certain named attributes. 

But as stated above, we do not follow this terminological 
excursion for the sake of staying as abstract and representa- 
tion independent as possible. The intention finally, is to 
keep the structure simple, with emphasis on the permissible 
operations and to prevent the programmer from leaving the 
path of unambiguity. 

In AM, database objects are abstract data types.  Concep- 
tually, database operation 1S accomplished in the following 
Way. Objects are initially brought in from the disk and stored 
main memory. To manipulate an object, it is first fetched 
from its memory location. It is then used as an operand in 
some database operation, and the resultant object is stored 
back into memory. At any instance, the memory may contain 
several objects, but the terminal is directed to view only 


some selected object(s) in accordance with the operation just 


6l 


being performed. When these operations finally are completed, 
the objects temporarily residing in main memory are shifted 
back onto the disk under control of the operating system, 


which is not to be discussed here. 
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EE TEICATTON METHODOLOGY 


Because our database is considered as an extension of the 
existing AM we continue the work originated by Yurchak [Ref. 
2] using essentially the same specification language which will 
be described later in this chapter. However, before we proceed 
with this, first some understanding is required about the ap- 
proach we took in adding the database to AM. The purpose of 
the next section is therefore to make the reader familiar with 
the special methodology applied in order to design this resource, 
and the chronological steps that were done until finally the 


specification could be developed. 


WW THE FUNDAMENTAL STRUCTURES 

To define the operations that legally can be performed on 
the abstract data types for our database we need some tools to 
describe our intentions and also to preserve the necessary level 
of abstraction. Since the complexity of a database is not 
easily understood, a data model usually is formed as the simpli- 
fied representation of a particular aspect of reality. In doing 
so, the questions that arise next are: what are the elements 
our model will be based on, what actually is it that we would 
like to represent in a database, or what are the specific as- 
pects of the real world we are mostly interested in? Without 


using to be absolutely correct in the philosophical view of 
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things, the point to begin with is the fundamental structuii E 
known as the primitives in the real world. 

The first phenomenon here is the object, which may be a 
thing, a person, an event, an instruction or, in general, some- 
thing solid that can be seen or touched. When objects can be 
put together under a common but more generalized notation, 
they may form an object class. But it must be mentioned that 
grouping distinct objects together is only achievable by ignor- 
ing their differences at the price of losing some specific 
information aS a concession to the generalization. 

The characteristic qualities owned by an object are its 
properties. For the above given examples, it might be the size 
of a thing, the name of a person, the date of an event, or the 
statement contained in an instruction. All the possible 
instances of a property again can be grouped together into a 
set defining the domain of all the values this property legally 
may take, which therefore will be called 'valueset' in our 
specification. This domain represents not just a collection of 
numbers or characters but instead has to be considered as the 
set of all values a given property can have. For example, for 
the object 'person' with the property 'name' the corresponding 
valueset would be the collection of all the names that might 
be found among people on earth. 

An example of how objects and properties are related to 
each other is given in Figure IV.l, which is based on coneepe 


developed by Kroenke [Ref. l5:p. 207]. 
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object 
class object. | 





property; property, property. p property. 


l 
a valueset of property, 


Stones value 


Figure IV.l. Example of an Instance Value as the 
Intersection Between an Object and 
a Valueset 


Following this approach we can view the abstract model as con- 
Sisting of objects and selected properties related to them, 
where each single property is composed of a certain name and a 
specific value from the predefined domain. Although one 
property may take different values, at any instance it can be 
considered as a pair containing a single name and a single 
value. This will be discussed in more detail in Section B of 


this chapter. So in short, we can write as follows: 


object; (pair,,pair,,...,pairy). 


The basic operations performed on our simple database are: 


= create 


- insert 


modify 


= retrieve 


test for membership 

where briefly described: 
create--installs a new database; 
insert--adds a new object to the database; 


modify--changes a certain object by altering one of its 
properties; 


retrieve--retrieves an object identified by its particular 
properties from the database; | 


test for membership--returns a boolean value depending on 
the fact that a particular object does or does not 
belong to the database. 
For futher information the reader is directed to the specu 
tion part of this thesis where the entire operations are defined 
in much more detail. 

As already indicated in the previous chapter, we adopt the 
following view: whenever talking about objects and their 
properties we actually deal with primitives of the real world 
which are neither easy to handle nor can they be stored in a 
machine. To be more precise, in constructing a model we only 


work with a representation of the objects and properties but 


not with the primitives themselves. In doing so, the portion 
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of the real world our model tries to catch becomes manageable. 
For example, although we can not put the object STUDENT into 
a database, it 1s no problem to store the Bree ee: string 
'STUDENT' as a conceptual representation of this object. The 
same is true for properties. Since there is no way to store, 
for example, 15 YEARS, we instead extract the essential infor- 
mation ('15' in this case) which is more convenient. 
Furthermore, there are some restrictions to be taken into 
consideration. For instance, the programmer should not be 
BE eg to insert data that does not belong to the valueset of 
the specified property, nor modify a non present value. Such 


cases have to be covered by a special error handling routine. 


B: NESUNTNGOOBJECTS AND THEIR PROPERTIES 

One approach to GaN an object in terms of mathematical 
MeleacloOn can be found in Hsiao [Ref. l4:p. 67]. Although Hsiao 
uses a different terminology, the proposed concept is as 
simple as it is clear: 


Let A be a set of 'attributes' and V be a set of 'values. 
Then a 'record' R is a subset of the Cartesian product 
A xV in which each attribute has one and only one value. 
R can therefore be considered as a set of ordered pairs, 
BE in short notation, 
R = [(attribute,value);,...,(attribute,value), ]. 
The meaning of this equation is evident, however it does not 
necessarily ensure that a certain value will only be attached 
to an attribute for which it is explicitly defined in the 


corresponding domain. Thus, because our methodology is supposed 


Beebe strictly formal, the given equation can not simply be 
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translated by just changing terms. But we can adopt the basic 
idea. 

The technique we apply must EE us from mistakenly 
combining terms that are not defined for each other, and the 
way we described our properties supports this. Since a property 
is composed of a pair containing its name and the appropriate 
set of values which specifies all the legal values for this 
particular property, only combinations between members of this 
pair are possible. At each instance such a property identified 
by a certain name, may take any single value from the corres- 
ponding domain, thus representing one specific 'snapshot' 
lying within the range of feasible combinations. The following 


example illustrates our intentions. 


property l: 
name: 'age' 
set of values (domain): '1O','11','12', T3 M MM 
m 
property 2: 
name:  'city' 
set of values (domain): 'Monterey', 'San Diego', 
'Los Angeles', 'San Jose'. 


Legal combinations representing different instances of the 
given properties would be: 

"aget p 

'age' ,'14' 

'city' ,'Monterey' 


"Gliy = “Sone. o So 
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however, combinations like: ` 
'age' ,'Los Angeles ' 
mia A A ! 
are not possible. 

Thus, we have to attack the problem in two successive steps. 
We start with a particular property name N; out of the set of 
all specified names N and with vi as the corresponding value- 
set out of the set of given valuesets V. We then can define 
a property in a similar way as described above as the Cartesian 
product N; x V. where i>=1. 

This ensures that a property won't have other values than 
those explicitly stated in its domain, where at any instance 
each property name has one and only one corresponding value. 
Having generally defined the property P = N. X Vis i>-l, we 
now can easily describe an object as a sequence of one or more 


property instances P' 


pes? E 


0 - (P! 
Properties by themselves do not make much sense in a database, 
since it is the object we are interested in. But on the other 
hand, objects are made out of distinct property instances, and 
so both the object and its describing property instances repre- 
sent the primitives in our database. Following a top-down or 
'from the simple towards the more complex' strategy in 
developing a specification for the abstract database, the 


procedure of creating an object is illustrated in the next 


Example. 
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property name  . Valueset property 'snapshot' 


N X V domain of 
l d 
property, 
P, 7/34 MEME 
V 
m 
N X V domain of 
2 d 
property, 
! == 
P3 E 2 . 
V 
n 
N X V; domain of 
- property, 
P, P = (N , VL) 
V 
P 


An lnstance of an object D can then be described by a sequence 
of properties P' which themselves contain a name and a particu- 
lar value, or in other words, it represents several 'snapshots' 
of the properties P. The previously given description of an 


object should be clear by now: 


A property name will be mapped together with any of the values 
assigned to the domain of the corresponding property, but will 
be restricted to only one value at a time when defining a 
certain object, although a single property name can take differ- 


ent values for different objects. 
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This probably becomes more obvious when looking at a 
graphical — e. following in some sense the approach to a 
formal A n a. for data structured in accordance with the 
different database models given by Hull [Ref. 16:pp. 518-528]. 

Notation: Let N be the distinguished set of property names 
and let V be a set of valuesets such that N nV - 0 (no common 
elements). 

Definition: Then P is the set of all properties, where F 


maps to each subset P: of P a property name N; and a valueset 


V, such that the poOllewang conditions apply (Figure IV.2): 


N (set of property names) 






Ease. OL 
properties) 






V (set of valuesets) 





Figure IV.2. Creation Of Properties 
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Restricting these mappings in such a way that values of a cer- 
tain property can only be transferred from the valueset (domain) 
which is defined for this property type, properties consisting 
of different name/value pairs can be created. 

Applying d = <P,F> then gives us the tool to describe the 
first part of the primitives, the properties. Next we need to 
define the remaining part, the objects. To achieve this, let 
O be a set of objects, where I maps certain pairs LN u E = | 
for l<=i,x, to elements of 0 such that 1(N;» IM E IO | 
every two N iNo belonging to the same object. Wenn K <<P,F>, ` 
= <d,I> can be used to describe any object 0, by apply i 
one or more times to different (N, , V. ) e P.. The follovi iha 


Fx i 


conditions are true for this mapping (Figure IV.3): 


i] 
ne, 
II 


TAN aV 3. ; ° ° ° P EE Ee 
ES JO -> [P; s... P = A ee 


1J 

Tne restrictions added are indeed necessary in order to pre- 
vent illegal operations on the sets, which otherwise would be 
possible. Both methods discussed above lead to the same re- 
sult, and it was the goal of this section to give the reader 

an understanding of our strategy in defining objects and their 


properties. Although this strategy may appear somewhat | 
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O (set of objects) P (set of properties) 





Figure IV.3. Creation of Objects 


complex, it represents a serious attempt to handle the data- 
base primitives in a consistent way while staying as formal as 
Peeeible. And before continuing with the next section which 
deals with the creation of object classes, a final note has to 
be attached: To distinguish between different objects it is 
necessary to include at least one name/value pair that uniquely 
identifies each object. This identifier is called the 'key.' 
If there is no such key available then there might be tne case 
where it is impossible to distinguish one object from another. 
Objects that are structured in a similar way, which means 
they are defined by the same property names appearing in the 
same order, can be grouped together to form a class. Such a 


class may then be identified by the kind of its property names 


V 


and the order they are arranged in. However, this is a tedi- 

ous method. It is therefore more realistic to introduce a 

classname as identifier to distinguish between different classes. 
In either case, the kind of identifier is considered to be 


an implementation issue and will be ignored at this point. 


C. C OBJEBCTOLASSES 

A convenient way to handle a large number of objects is by 
grouping them together. This can be done with all objects that 
are related to each other in a logical sense. These sorted 
objects then form a class or subclass of objects, where each 
class has its own characteristics that distinguish 2 ivom 
another. Since objects are composed of several name/value 
pairs, the presence of those pairs and the order in which they 
appear is the criterion for associating any given object with 
a particular class. A graphical example of a subclass is pre- 
sented in Figure IV.4. The subclass can be considered as a 
two-dimensional scheme with the objects arranged in horizontal 
order and the properties as different columns. From this repre- 
sentation it becomes obvious that, if a certain property is 
not contained in the subclass, none of the objects of that sub- 
Class can have this property at any instance. In mathematical 


notation this could be expressed as: 
(object.esubclass,)A(pair,cobject.]--2(pair ssubelassus 


where pair, represents an instance of property, containing 
name, and one single value from the corresponding domain 
defined ter property, . 
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instance 
nm 





Figure IV.4. Objects Forming a Subclass 


In the same way that objects can be grouped together to form a 
subclass, several subclasses again can be arranged to form an 
objectclass. Both are achieved by means of ‘generalization, ' 

a technigue discussed in the next section. 

mi ie eee lass Can Do considered as a three-dimensional 
scheme consisting of 'layers' of subclasses as shown in Figure 
IV.4. To create this figure, turn the subclass in such a way 
that it fits into the horizontal plane, andthen install each 
on top of the others. Using this method, the arrangement be- 
comes more evident (Figure IV.5). So a subclass equals a cer- 
tain level of this block whose shape depends on the number of 
properties, objects, and subclasses being applied. The entirety 
of all levels or subclasses forms the objectclass. Objects 
which do not belong to one subclass but have to be present 
because they are contained in another, are considered as just 


being left blank in all the subclasses in which they are not 


represented. 


GE 


property, T property, 





object. ñ 
subclass; | | La, . 
- í | i d 
| y 
| | | 
| | | 
subclass | | 
i | 
I 
Figure IV.5. Subclasses Forming an Objectclass 


If a certain property is not containted in the objectclass, 
none of the objects belonging to that class can have this 
property at any instance. In mathematical notation this can 


be expressed as: 


(pair, <object,) nlobject «subclass, )q(sukclass, <objectclass, ) 


Ev (pair, eobjectclass, ) 


where, again pair, represents an instance of property, con- 
taining name, and a single value from the corresponding domain 
of property,. So in searching for a particular name/value 
pair, first the objectclass can be checked for the matching 


property name, then if positive, the subeclasses ho“ b 
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checked, and finally the object that responds to the require- 
ments will be localized. By this means a search can be limited 
to those objects most likely to contain the requested name/ f 
value pair. 

1. Generalization 


Generalization is defined as an abstraction 
which enables a class of individual objects to be thought of 
generically as a single named object" [Ref. 17:p. 107].  Re- 
placing the term 'named object' by the new term 'subclass' this 
technique provides S way for conveniently describing how sub- 
classes and objectclasses can be constructed. This is true 
because, on the next higher level, subclasses themselves by 


abstraction build a generalized new 'object,' too, the object- 


class (Figure IV.6a). 


animals (objectclass) 
mammals birds (subclasses) 
/N — 
dog cat blue black (objects) 
bird 
Figure IV.6a. An Example of Generalization 


By generalization, which can be considered as a bottom-up 
technique, it is possible to create the abstraction necessary 


for the abstract database (Figure IV.6b). 


p 


object, 


object 






generalization class 


object, 


Figure IV.6b. Creating a Class from Objects by Generalizatio! 


This bottom-up approach, if all the objects belonging wees en 
class are included, must then logically be reversible in such 
a way that a given class would lead to every Single object being 
defined by that class. For example, the class 'mammals' 
naturally contains also the object 'horse,' and horses belong 
to the class of mammals. 
2. Aggregation 

In order to define the instance properties of an 
object, those properties must be determined for every object. 
This Can be achieved by the technique of 'aggregation' by which 
different name/value pairs are grouped together so that they 


can be used to describe an object (Figure IV.7). 


name/value pair, 


name/value pair, 


aggregation object 


name/value pair. 


Figure IV.7. Creating an Object from 'pairs' by Aggregationg 
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Although this method looks like a refinement of the object, 
aggregation in fact works the opposite way (bottom-up) and 
cannot be treated as an inversion of the generalization. 
Furthermore, aggregation is not automatically reversible, 
which means an object may have certain name/value pairs, how- 


ever these pairs do not necessarily define this specific ob- 


ject in an unique way. For example, although a person can be 
described by the name/value pair ('age','10'), this particular 
pair need not necessarily refer to a person. So in contrast 


to the generalization, where an exhaustive installation of 
objects belonging to one class would guarantee reversibility, 
with aggregation this depends on the way an object is viewed. 
Using the method of generalization and aggregation we are 
able to draw a picture of the general structure of the data- 
base (Figure IV.8). This drawing also clearly demonstrates 
that each instance property of any object belonging to a cer- 


tain class, must itself belong to that class: 


[((name/value pair) c<object) <subclass] eobjectclass 


Pee THE SPECIFICATION LANGUAGE 
fm Crammer 
First developed by Yurchak (Ref. 2] and in a few parts 
modified by Hunter [Ref. 3], the grammar used for the specifi- 
cation language will be left unchanged to preserve the meaning 
of AM as the machine as originally designed. The grammar for 


the specification language as found in Appendix A is exactly 


n 


objectclass 


se. i 











generalizatìon subclass subclass 
pu > I 
ones E „object object, - š acb RSEN 
aggregation | | | | | 
name/value pairs name/value pairs 
Figure IV.8. General Structure of the Database 


the same as used by Hunter. The following description of the 
grammar and, in the next section, the preprocessor, represents 
an extract of Hunter's respectively Yurchak's work. It was 
inserted to give the reader some understanding of the under- 
lying fundamentals. 

The selected grammar is similar to examples found in the 
literature, but the specification language includes some features 
usually reserved to programming languages. A specification 
with modules called 'spec' is constructed first using this 
language while by means of the 'extension' operator it is 
possible to combine the specs in a hierarchical order. Each | 
spec may introduce zero or more new 'sorts,' 'operators' and/ 
or 'axioms.' A 'sort' can be considered as a data type and 
forms an object set from which the E ae are selected for 
the operators. The elements in a sort are created from the 


listed 'operations.' Whenever feasible, one or more constants | 


are declared in the beginning to provide a basis for other 
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elements. For example, the constant zeronat() would be such a 
basis for generating other elements in spec natural. 

Sorts introduced in a spec may also be added to an 
existing spec through 'extension' of the spec(s) that will be 
taken as the basis, or they may form the primitives for a new 
'branch' of the hierarchy. Extension provides the only means 
of relating the sorts and operators from different specs so 
that the newly declarated operators refer to both the new sort 
as well as to any sort from the extension. 

Parameterized specifications are permitted but their 
use is minimized, as their properties are not: well understood. 
Spec string is one representative of this type of specification. 

The semantics and the overall structure of the specifi- 
cation must obey certain rules. All symbols must be unique. 

No symbol may be used unless it has first appeared as tne name 
Ea spec, in a sort definition, or to the left of a colon in 
an operator declaration. Following this rule guarantees that 
at no time the properties of the object inferred by the name 
are ambiguous. Thus, the structure of the specification is 
much like a Pascal program, but more restrictive. In short, 
there are no self referential specs, and no use of a spec is 
possible before it has been defined. 

The specification language classifies all operators 
into one of three categories:  'primitive,' 'derived,' and 
'hidden.' 

- 'Primitive' operators are those which must be imple- 


mented to provide a full instantiation of the spec 
and form the basis of the resource description. 


aL 


Although not every primitive Operariem needs come. 
directly implemented, the full functionality of each 
primitive operator must be present. It is up to the 
implementor whether he likes to exclude some of 

the primitives or some of the operators described 

by those primitives, as long as full functionality 
remains available from either set of operators. 


- "'Derived' operators are those which can be derived 
from the primitives. The implementor may ignore 
these operations because their function always can 
be performed by the composition of primitives. Their 
inclusion is merely a matter of convenience. An 
example would be the derived operators 'or' and 
'implies' in the spec boolean, whose functions are 
entirely covered by the primitive operators 'not' 
and 'and.' 


- "'Hidden' operators are those to which the programmer 
has no access. They represcnt oDScractions ie ERS 
machine reguired to express a certain semantics. It 
might be convenient to have them in one case, while 
in another they may be essential to the semantic 
description. A typical example for a hidden operator 
is the READFRONT operation in the specification of a 
gueue, as discussed in Chapter II. Here, this : 
Operator is required to build meaningful axioms. 

The 'if-then' and 'if-then-else' constructs are used to build 
conditional axioms. Their function follows the same princi- 
ples as it does in other languages, for instance, in Pascal. 
This means, when the evaluated 'boolean expression' is true, 


the 'then' part of the statement applies, otherwise the 'else' 


part. The 'boolean expression,' finally is defined as 
expression meta relop expression 


where the term ‘meta relop" stands for the metalanguage Sym. 


pols (equality relation) or "!=" (inequality relation), 
and is used to decide about the truth of the given boolean 


expression. 
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So in some sense, the underlying grammar for our speci- 
fication language is similar to the ones used for compiler 
compilers. In general, the application of a metalanguage 
provides an important tool to formulate various aspects of the 
|. |Ioping design, Since it can be used as a description for 
another language. Simple technical terms, such as 'if,' 'then,' 
'else' or 'endif' were introduced to make our intentions more 
clear in both the grammar and specification. In order to dis- 
tinguish between the metalanguage terminology and the regular 
language, metanames always are boldface. A typical represen- 
tative for such a metalanguage is the BNF (Backus-Naur Form) 
which serves as a notation for describing the syntax of pro- 
gramming languages using ordinary technical English, supplemented 
by conventional mathematics. 

2. The Macro Preprocessor 

The main purpose of the macro preprocessor is to con- 
dense the amount of language wherever repetitions would swell 
the volume of specifications. This technique also improves 
readability because those parts of a specification sharing a 
common macro definition, can easily be identified. And since 
it is based on the same principle, understanding one macro 
definition is the starting point for understanding all of them. 

As with the grammar, the idea of the preprocessor was 
originally introduced by Yurchak when he designed AM (version 
1.0). This convenient technique has been continued by Hunter 


in developing AM (version 2.0), and it will also be used for 
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the abstract database. The fundamental theory remains un- 
changed. In the following section a description of the pre- 
processor is given as it was defined by Yurchak [Ref. 2] and 
adopted by Hunter [Ref. 3]. 


The basic form of a macro de is r ions 
replace "text  owthosher ec E 


Since the grammar of our specification language does not re- 


quire quotes, they are used as delimiters for definition and 


equivalence strings. A macro with arguments appears like 
replace (A,B,...,2) "text . . ." with "other o j p MM 
where the formal parameters must be capital letters. An upper- 


case letter always denotes a formal parameter to a macro, 
since there are no uppercase letters allowed within the spec 


itself. Thus, for the definition 


replace (S) 

"typeof(S);" 
with 

TE E 

a tomo s> a am os 


valofS: S-->val; 


tnen the string 


ty peor (bool, 


> 


would be replaced by 


typeboold: — tL 
atomofbool: val-->bool; 


valofbool:bool-->val; 
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wherever it appeared. The utility of the macro becomes obvious 
when we look, for example, at the fetch and store operators, 
used to retrieve and store values of any type from/in primary 
memory. All AM data types map into a common sort called El, 
which is returned from or passed to memory by these operators. 
In order to avoid the need for describing big numbers of vir- 
tually identical mapping functions, by means of macro defini- 
tions it is possible to describe the first data type and then 
just list all the others. This feature clearly simplifies the 
specification task. 

Macro definitions are also excellent for expressing 
certain properties of operators such as commutativity, trans- 
itivity, etc., which are used throughout a specification. 
Instead of writing out the associated axioms repeatedly, which 
could prove to be tedious the definition of macros with appro- 
priate parameters permits a more readable and explicit expres- 
sion of these properties. The following example gives an 


Illustration: 
Cu nc nn E= bool; 


If the arguments are equivalent, then the operation should re- 
turn true(), otherwise false(). In order to express eqint 
as the equivalence relation on objects of type int, three 


axioms are needed: 


eguint(i,i) = true(); 

cg JU) = eguint(],i); 

inp es(and(eguint (i, J) equint(j,k)),equint(i,k)) 
= true(); 
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This by itself would be no reason for concern, tte 
be a variety of relations like this within a specification, 
and for each single case these three axioms have to be re- 
peated in some way. Macros provide the adequate solution, 
Since a macro defined like 
replace(X,S) 
"eguivrel* 5 a 
with 
ca Se 
X(1,1) + trueno” 
for P E 
xX(i,j) = eee 
fera mir O. 
Tm lY si Ua HE ) ES ) AT FP = true LEE 
enables us to use this definition as a template in which equint 


just has to be inserted 
equivrel (equine, nte 


thereby transforming equint into an equivalence relation on 
int in one step. Note that we are not required to explicitly 
specify the tvpe of free variables, since this can normally 
be determined by context. We do so in the interest of clarity 
because there can be no doubt for which type 'equint' is an 


equivalence relation. 
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Vee ne SEIN 


Having an operating AM processor available that already 
includes the control and primitive data type operations as 
well as the visual display device, the next step towards the 
goal of developing a fully operational machine was to adda 
database resource which could do a far better job than a 
conventional file handling system. With the design of the 
abstract database, now a model had to be created that was 
appropriate for manipulating data in a way to effectively sup- 
port the programmer's reguirements. Because a database is a 
complicated and complex subject, our intentions were to model 
a resource which includes only the fundamental operations as 
stated in the earlier chapters. This restriction had to be 
/mitroduced in order to keep the time constraints given for this 
thesis. The complete specification for AM is presented in 
Appendix B. 

However, one note of caution has to be added like the one 
Originated by Hunter [Ref. 3] in his description of the bit- 
Mapped display system: despite our best efforts to be thorough 
and rigorous, this AM specification may still contain some 
errors. This is not only so because extending a program written 
by others most likely supports this possibility, but first of 
all because it is a rather difficult matter to ensure that there 


is no ambiguity in the axioms. It also can not be guaranteed 
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that every portion of the spec is complete so that legal but 


undesirable implementations would not be permitted. 


A. THE DATABASE CONCEPT 

In contrast to the graphics part of AM, the database once 
installed by the application programmer is fairly limited to 
manipulating data in the predefined way. Creativity in the 
sense of trying and improving is only possible during the con- 
ceptual phase which always preceeds the actual installation. 
This means the programmer must have a clear concept about what 
to describe and how to arrange it in the most suitable way 
before the implementation finally can take place. A database 
represents a number of data being arranged in accordance with 
certain characteristics or particular relations of interest to 
the programmer. The main question to be answered is how to 
abstract a database -to its fundamentals so that a programmer 
can work with it. Once the basic elements were identified as 
‘objects' and the 'properties' defining them, the next step 
was to develop the set of functions controlling the database 
that would support a natural way of thinking about the intended 
Operations. In order to remain consistent, even the 'property' 
as the basic component of an object had further to be sp 
into the subparts ‘property id' and n 

This approach is certainly different from other methodolo- 
gies because it required eleven separate specifications just 


to formally define the database and its abstract elements. 
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Each specification must be considered as a mandatory step on 
which succeeding specs are built. And each spec contributes 

in an important way to defining the abstract database resource 
and therefore can not be omitted. This number of specifications 
Pee urally caused some problems when translating every single 
function, in many cases required only for mathematical reasons 
of rigor and without practical usefulness for the programmer, 
into logical sets of operations. Although these operations had 
to be built in and are now available, it is anticipated that 
the application programmer will rather restrict himself to the 
more useful operations typical for database manipulations. 

From the programmer's point of view, it is not of interest 
to retrieve all the values defined for a certain property once 
the domain has been fixed. He more likely wants to determine 
the name/value pairs associated with a particular object or 
find out whether one or more objects meet a given condition. 
Due to the underlying method objects are structured this can 
NE on the basis of list functions that will be dis- 
cussed in some detail in the following sections. In general, 
we adopt the idea that a database can be considered as a big 
list. This approach was finally chosen because it facilitates 
our effort to describe the principles of the abstract database. 

A standard database has to be created first in the mind of” 
a programmer, then drawn on a piece of paper and, eventually, 
installed on the computer. This sequence represents a typical 


ep down approach, starting with the overall database, 
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partitioning it into different Classeswand subclasses andy, 
finally, assigning objects to them. This approach keeps the 
programmer at a very low level of abstraction, where the com- 
puter can not provide much assistance. Adding, for example, 
4 new object would reguire us to first specify the particular 
class to which it belongs. It would definitely ease the pro- 
grammer's effort when he could work on a higher level of 
abstraction by using the power of the computing resource to 
insert such an additional object without caring about the 
specific class it refers to. But although this approach has 
some fascinating aspects it was not developed since object- 
classes are characterized by the kind of their property names, 
and thus have to be specified carefully. The probability of 
erroneous entries seemed too high to adopt this concept for 
our research. 

As stated in Chapter III, we also abandon the introduction 
of a data definition language (DDL) and a query language Since, 
due to their high level, a great deal of the intended abstrac- 
tion would be taken away. This becomes quite obvious just bv 
the fact that there are meanwhile several, non-compatible 
query languages established. Because our goal is to svecifv | 
one particular part of a database, namely the interface be- 
tween the conceptual level and the physical level, we confine 
our work to the fundamental principles and focus exclusively 
on the essential aspects of the database. For the interested 


reader it should however be mentioned that, once AM is completed, 


2) 


there are plans for the near future to develop a high-level 
language for AM, too, which would naturally ease the workload 
of the programmer. 

We now take a more detailed look at the issues and design 


“both the data abstractions and resource abstractions. 


B. ABSTRACT DATABASE DATA TYPES 

In this section we develop the abstraction of the database 
in detail along with all the data types needed to support it. 
In addition, we discuss issues concerning the design and 
examine how the specification captures the properties of the 
Hastraction. 

One of the problems encountered while writing the specs 
for the database was, that in contrast to the previous speci- 
fications which mostly operate on single data types called 
ES, it became necessary to refer to the set theory which 
enables us to deal with single atoms as well as with strings 
of atoms. Since a database generally contains composed ele- 
ments rather than simple atoms, the 'set' seemed to be the 
right means to tackle this problem. However, a set does not 


allow the same element to be represented more than once, which 


would restrict the operations in an unintended way. We there- 
fore preferred to adopt the characteristics of a 'list,' where 
no similar limitations exist. This required the installation 


of an additional spec list that permits the more complicated 


Jan 'atom' represents a problem solving abstraction and 
is discussed in Chapter VI. 
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operations on strings. The list will be described in decom 
in Sections C and D of this chapter. But first of alia — 
consider the basic steps of how to abstract the database. 

l.  Property-Identification and Value 

Each instance property of an object consists of a name/ 
value pair which from now on will be referred to as 'property- 
value,’ containing a particular property-identification ('pic 
and a single value (‘val’). Spec property id i -SEC AE 
properties of the 'pid' data type. A 'pid' can be a string of 
characters that qualifies as identifying notation for a data- 
base property. Different 'pids' are combined to a set forming 
the 'pidset' data type which can be considered as the descrip- 
tion of the domain for all legal names properties mav take. 

Spec property idset models this domain. The operation E 

ally performed on this data type is creating such a set, start- | 
ing with an initial 'pid' and then extending it bv repeated | 
application of the union operator with the option of using the ll 
empty set as well as the universe of all sets. 

The values associated with a particular property are | 
covered by spec value. This spec and the combination orm | 
data type 'val' to a set, the new data type 'valset,' whose 
properties are described in spec valueset, are constructed in 
exactly the same way as the specs for 'pid' and 'pidset.' 

All values which may be meaningful in any context with the 
determined property names are permitted. For example, for 


the 'pid' age this could be the set of natural numbers fremd | 


ga 


to 100, while the 'pid' address might require a set of charac- 
terstrings. The joint operations 'unpidset' or 'unvalset' 
ensure that there are no redundancies in the same domain. 

But it is the programmer's responsibility to create the size 
and type of valuesets that fit his intentions best. In this 
Stage it would be possible to build a domain containing dif- 
ferent types of data which, if carelessly applied later, could 
lead to an erroneous result. 

Both the 'pidset' and 'valset' data types provide a 
disjoint operation, and a test for membership and equivalence 
(relational operators). Regarding the intersection and union 
Operations, provision has been made for associativity and 
Semmutativity. 

2. Property and Propertyvalue 

TS) deas to specify a property in its entirety we need 
two parts: a 'pid' that describes the name of the property, 
and a corresponding 'valset' which determines the domain of all 
the values this particular property can legally have. A 
property is represented by sort 'prop' and is always constructed 


from the ordered pair 'pid' and 'valset' 
prop = (pid,valset). 


Spec property lists this data type and the possible operations. 
To reduce a property to one of its two fundamental 
elements, the operators 'getid' and 'getvalset' have been 


introduced. While 'getid' returns the property name ('pid') 
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getid: Prop -= TPE 
'getvalset' returns the domain (valset) of the Propo tin 
getvalset: prop --> valset. 


These two operators can be considered as reversion of the 


create operator 'crprop.' 


In combination with the empty value- 
set a property may be created just be defining a certain name, 
leaving the final determination of the corresponding valueset 
unspecified for the moment. 

Spec propertyset provides the data type for different 
properties associated to a set and has a similar structure as 
spec property idset or spec valueset. But since every aig ae. 
consists of the ordered pair 'pid' and 'valset,' by the 


'getidset' operator all the 'pids' involved and specified as 


'oidset' can be retrieved 
getidset: propset --> pidset. 


Defining the properties for thedatabase in this way was the 
result of an analytic process which led to the understanding 
that a property indeed is composed of a single element iden- 
tifying its type, and a set of values for this type. Since 

the sequence is important, we can treat a property as an 

ordered pair of single elements. But following this definit rcis 
now a certain property does not make much sense for describing 
an object, because it can not be used as a characteristic 


criterion. For example, 
crprop: 'grade', ('A','B','C!, BW EFE ' '— M c 
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EE property ['ograde’,('A’,'B','*c','D','E','F')] 
mere "Grade' equals the 'pid' and ('A','B','C','D','E','P') 
the 'valset.' Would it be meaningful to describe any object 
by this property? It certainly would not, because this is a 
general statement about the property 'grade' containing all the 
defined values a grade can consist of. A specific object, how- 
ever, should only contain a specific value that is character- 
istic for it. In Chapter IV we called such a combination a 
name/value pair or an instance property. Although we mentioned 
this subject before, it is our concern to illustrate the basic 
difference between a property and a particular propertyvalue. 
Sort 'pval' in spec propertyvalue defines the data type 
to resolve the problem stated in the previous example. Opera- 
tor 'crpval' enables us to create the reguired instance of a 
property that itself serves as the basis for describing any 


specific object. Referring to the above given example 


ca“. rade', A"——> pval 


would now result in the propertyvalue "'grade','A'" which then 
can be used for any object that would meet this condition. 
Besides the relational operators for eguality and membership, 
as for all composed data types, there are operations available 


which return either the first element of the ordered pair, 


'getpid' retrieves the 'pid' 
getpid: pval --> pid, 


or the second element which can be retrieved by the operator 


'getval' returning the corresponding value of data type 'pval' 


95 


getval: pval cog. 


Since objects usually are described by more than just 
one propertyvalue, spec propertyvalueset was introduced. With 
its data type 'pvalset' it is possible to combine different 
propertyvaluesinto a set. This is the final step on our way 
towards defining an object which will be discussed next. In 
order to determine the different properties represented in 
such a propertyvalueset, the property names, or 'pids,' are 
of major interest. They can be retrieved by the operator 
'getpidset' which accepts any 'pvalset' as input and returns 


the matching 'pidset' 
getpidset: pvalset --> pidset. 


Due to the fact that the data type 'pval' consists 
of the ordered pair 'pid' and 'val;' and that the combination 
of distinguished 'pvals' forms a 'pvalset,' this new data type 
is also composed of a set of ordered pairs itself, namely the 
set of the ordered pairs 'pid' and 'val.' It therefore was 
necessary to add two distinguished membership operations, one 
for testing whether a given propertyvalue is contained ina 


particular set of propertyvalues 
mempvalset: pval,pvalset --> bool 


and the other for checking if a given propertyvalueset belongs 
to a certain propertyset which includes information about the 
‘pids' involved as well as the domains for the corresponding 


values 
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mempset: pvalset,propset --^ bool. 


Again, as for all sets, the union operator 'unpvalset' 
ensures that there are no redundancies, while the disjoint 
cor 'intpvalset' would retrieve propertyvalues contained 
in both sets to be checked. Furthermore, the standard, opera- 
tions for associativity and commutativity have been included 
On principle in this more mathematical part of the specification. 

3. Object and Objectclass 

As mentioned before, the essential element of the data- 
base resource 1s the object. Each of the previously discussed 
specifications represents an indispensable portion that finally 
enables us to express the data type 'obj' by means of these 
more elementary data types. Its properties are specified in 
spec object. An object can be considered just as a particular 
pee OL Propertyvalues, each containing a distinct 'pid'and a 


aval” 
obj = pvalset = [(pid,val)i,...,(pid,val),]. 


BE 3x:unction that initiates this operation is called 'crobj.' 
mme kind or number of ‘tpvals’ defining an object is of no 
interest for us at this point, although it will be later. So, 
theoretically, any combination of 'pvals' could be chosen to 
build up an object, even such containing the same 'pid' or 
'pval' more than one time which actually would be meaningless. 
But Since the installation of a database is always preceded 


by a rather precise concept, the grouping of different objects 
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into classes then should eliminate the possibility of an inci- 
dently induced redundancy on 'pids.' 
The reverse operation to creating an object is 


'getopvalset' which returns the entire 'pvalset' defining the 


object 
getopvalset: obj --> pvalset 


while the operator 'getopidset' retrieves only the correspond- 


ing set of 'pids' 
getopidset: obj --^ pidset. 


In general, the type of properties is considered more important 
for structuring purposes, as this criterion forms a good basis 
for hierarchically combining related objects to classes (compare 
Chapter IV, Section C). We therefore did not, as the reader 
might have expected, introduce an analogous operation which 
would return all the values of a given object, but instead pro- 
vided the operator 'getoval' that only retrieves one single 


value associated with one particular 'pid' of the object 
getoval: obj,pid --> val. 


Provisions are also made for an equality operator 'egobj' and 
a membership operator 'haspval' which checks if a given cc 
1s contained in a certain object. 
'Class' is the data type that represents a number of 
objects that are related in some kind to each other. This type MA 


has been discussed in some detail in Chapter IV. Its properties | 
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are now specified in spec objectclass. If we want to insert 

an object into a particular class, this can be done by apoly- 
ing the operator 'insobj' which takes a class and an object 

and returns a class now including the new object. We must, 
however, ensure that only appropriate objects, which means, 
with matching 'pids,' will be inserted. This problem is solved 
by defining an operator for retrieving the 'pidset' of a class 
('getcpidset') which takes a class as input and returns the 


corresponding 'pidset' 
getcpidset: class --> pidset. 


Together with the above specified operator 'getopidset' that 
accepts an object as input and returns its 'pidset,' the 


following axiom takes care of this 


if egpidset(getopidset(o),getcoidset(c)) - true() 
then 
Sec, O) — C; 
else insobj(c,o) = undef; 
endif; 


by determining whether the 'pidsets' of the object to be in- 
serted and of the class both are equal. If they are, then 
the object can be added, if not, the operation becomes unde- 
fined and the object can not be added. 

A similar approach was taken with the operator 'delobj' 
for the deletion of a selected object from a given class. It 
had to be ensured that any attempt to delete from a class some- 


thing not contained in it was discovered. To solve this 
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problem the membership operator 'memclass' used in the 


axiom 
if memelass(o,c) — Pre) 
then 
delobj(o,c) = c; 
else delobj(o,c) = undef; 


endif: 


to first check if the selected object is contained in the given 
class. This certainly is not a very efficient way of doing 
the deletion, but it avoids 'blowing-up' the machine by an 
operation that can not be handled. 

The situation where a class is itself contained in 
another can be managed by the relational operator 'subclass.' 
This provision may be useful when the hierarchical structure 
is of importance. In connection with the intersection @pera— 
tor 'intclass' the boolean value of this relation can easily 
be determined: 


ko intclass(c),c,) = C 
then 


subclass(c EM 


be 
ende: 

As in most of the cases the 'if-then' part of this axiom comik 

be reversed and the axiom would still be meaningful. Here it 

becomes obvious that the decision, what axioms to include and 

which to omit is a rather difficult matter and depends widely 

on the view of the designer. But since there is no sound 


recipe for how to proceed, this condition may be a Sourc Siom 
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potential errors not discovered while the specification is 
written. 
4. Database 

The last data type, 'db,' defined in spec database 
represents the highest level and operates on all the data types 
previously discussed. So, we have now reached our goal of 
combining every single data type from 'pid' up to 'class.' As 
the reader might have expected, in order to constrcut a data- 
base one or more objectclasses must be available. This is a 
mandatory prerequisite since it would not make much sense to 
treat a couple of non-related objects like a database that 
always represents a particularly structured arrangement of data. 
Operator 'crdb' allows us to create a database; it takes a 
'class' as its only argument and returns a database. A 'class' 
can be extended to any required Size by the union operator 
defined in spec objectclass. This method not only avoids 
meaningless redundancies but also ensures that each 'pid' con- 
tained in one of the subordinated classes will be contained in 
the database, too. 

Since 'db' is the data type of most interest for the 
application programmer, all the fundamental database operations 
have been provided in this specification. For example, 'getdb- 
pidset' returns the set of 'pids' comprised in the database, 
which cannot be different from those of the corresponding 


classes 


getdbpidset: db --> pidset. 


Vo 


This is expressed by the r cit v ir p n 


getdbpidset(insclass(crdb(cj)),c2) - 
unpidset (getcpidset(cj),getcpidset(c,)); 
which states that, if a new class C^ 1s inserted into a data- 
base consisting of the class Gu: Operator 'getdbpidset' would 
return the set of 'pids' equal to the joint 'pidsets' of C4 
and c, as determined in the right hand part of the equation. 


Operator 'retclass' enables us to retrieve a given class 


from the database, object by object 
retclass: db,class --> pvalset. 


This function is more difficult to express in axiomatic t nin 


ift ande 
and ( 
(getopvalset(o) = pvs), 
(memclass(o,c) = true) 
), 
(memdb(c,d) = true()) 
) = true () 
then 
intpvalset (retclass(d,c),pvs) = pvs; 
endif; 


Here three conditions need to be fulfilled to activate the 
final statement. First, a given object o must have a particu- 
lar 'pvalset' pvs, second, this object must be contained ina 
Certain class c which itself has to be a member of the data= 
base d. Then the 'pvalset' pvs must also be contained in the 


database. So the intersect operation of all the 'pvalsets' 
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of this class c when retrieved from the database, and the 
particular 'pvalset' pvs must finally return precisely this 
pvs, Since it is the only one contained in both the class and 
the object. 

Provision for another operator has been made that re- 
trieves an object whose 'pvalset' is matched by a given 'pval': 
'retobj' accepts a database and a particular 'pval,' and 
searches the database for objects being defined by this 'pval.' 


Corresponding objects are then returned 
EG Pen: Gb,pval ==>" ob]. 


A gueue mechanism operating in accordance with the 'first-in, 
first-out' principle manages the case should more than a single 


object be retrieved. The axiom 


if ana( 
and ( 
haspval (pv,o), 
memclass (o,c) 
) , 
memdb (c,d) 
) = true() 
then 
noto (d PV) sc; 
endif; 


states that, when an object o with a certain 'pval' pv is 
contained in a class c which itself is contained in the data- 
base d, then, when objects having this 'pval' are searched for 


by operator 'retobj,' these objects will be retrieved. If 


there is only one object meeting condition pv, it will be 
presented as soon as it is discovered; otherwise a number of 
objects will be put on the queue and can then be retrieved 
object by object. Although this principle is simple; ae 
ensures that each object with matching conditions can be 
determined and is available to the programmer at the end of 
one search. 

The operator 'modobj' allows for changing a 'pval' of 
a given object, modifying it thereby. Three arguments are re- 
quired: the database, the object itself and the new property- 
value. The database could have been omitted as an argument, 
but it guarantees that there actually is a certain structure 
available. The hard part is to defect any case for which the 
operation might not be defined, for example, if the given 
object does not belong to the indicated database, or if the 
replacing 'pval' is of a different type than the original 
or its value not defined in the domain of the associated 
property. To check whether all these premises are met, five 
conditions had to be added that must be satisfied in order to 
legally carry out the operation. The following axiom deals 
with these problems: 

LE anal 

and ( 
and ( 
and ( 
memprop(pv,crprop(pd,vs)), 


mempidset(pd,getidset (prs) ) 
A 
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(getopidset(o) = getidset(prs) ) 
), 
memclass(o,c) 
), 
memdb (c,d) 
) = true() 
enen 
imo op (T.O pu) = d; 
else modobj(d,o,pv) = unde; 


endif; 


Going line by line through this axiom, it is stated that 


l. the new 'pval' pv to replace the present one has to 
be contained in the property created from the 'pid' pd 
and the 'valset' vs, or in other words, since a 'pval' 
consists of a certain 'pid' and a single 'val,' the 
'pids' will be identical while the 'val' of pv is 
contained in the corresponding 'valset'; 


2.  'pid' pd must be a member of 'propset' prs; 


3. the 'pidset' of object o to be modified must be 
identical with the 'pidset' contained in 'propset' prs; 


4. object o must be contained in class c; 
5. class c must be a member of database d. 
If all these conditions are met, 'modobj(d,o,pv)' is defined 


and the operation can be executed; otherwise it would be 
illegal and can not be carried out. In short, this axiom 
ensures before the operator can be applied, that the new 
propertyvalue may be inserted because the entered property id 
is actually present in the object to be modified, and the new 
value is defined within the domain of the associated property. 
Thus, one instance of this property will be replaced by another 


instance also defined for the particular object. 
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The remaining operators for type 'db' are similar to 
the ones discussed for spec objectclass and are the relational 
operator for membership 'memdb' and the operator 'insclass' 
for the insertion of a class, respectively 'delclass' for its 
deletion. As analogously described before, a class can onlv 
be deleted if it is contained in the database; this is expressed 


in the axiom 


if memdb(c,d) = true() 
then 
delclass(d,c) = d; 
else delclass(d,c) = undef; 
endif; 


If a given class 1S not contained in the database, it can not 
be deleted and the operation is undefined. With the insertion 


of a new class this is not quite as simple: 


if and( 
Ori 
memdb (c; ,d), 
memdb (c. ,d) 
) , 
eqpidset (getcpidset(c,),getcpidset (c,)) 
) = true () 
then 
insclass(d,c,) = undef; 
insclass(d,c,) = undef; 
else if and( 
and ( 
memdb(c,,d), 


not (memdb (c, ,q) ) 
E 
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not (eqpidset (getcpidset (c,) ,getcpidset (c,))) 


) = true () 
then and) 
(insclass(d,c,) = d), 
(getdbpidset (d) = unpidset(getcpidset(ci), 


getcpidset (c,)) 
) ; 
endif; 
Here the axiom defines that if either one of two objectclasses 
Cart: is already a part of the database d and both have the 


me set of property ids 'egpidset(getcpidset(c,),getcpidset(c D 


2 
then there is no way of inserting any of these classes since 


they are already represented. If one of the classes c, is part 


d 
of the database while the other (c5) is not and thev do not have 
Si (ame Set Of property ids, which means they must be differ- 
ent then it would be a legal operation to insert the one not 

m nannedd. The property idset of the database must then 

be extended by the newly added 'pids'; this is done by the 

joint operator 'unpidset.' 

These operations define spec database and thereby the 
fundamental part of all the individual specifications required 
for pee aaae describing the database. The remaining 
portion of Appendix B represents the transition towards corres- 


ponding operations that finally can be translated into machine 


r F yructions. 


+ algebraic semantics describes what has to be done rather 
phan how to do it. 
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C. SPEC. PARAMETERIZATION 

The characteristic properties of a list allow us to des- 
cribe the essential database operations of retrieve, insert, 
modify, and delete in a convenient way. Lists not only provide 
a clearly structured method for treating strings of variable 
length but also support recursive operations, which proves to 
be very useful for searching the database. It is the purpose 
of this section to show how these basic operations can be 
managed by application of the list theory, while in the next 
section we describe its usefulness for our particular data- 
base design. 

This, however, should not be seen as the attempt to narrow 
the spectrum of possibilities for the implementor or to guide 
his attention into one specific direction, since our methodology 
focuses on representation independence. The only reason for 
choosing this approach is that it provides an evident way to 
express our intentions. 

Since the contents of our database can be considered as 
strings rather than as single atoms, it was necessary to make 
provision for this by introducing the additional spec list with 
data type 'elm.'' This spec is a representative of the earlier 
mentioned parameterized specifications. It was used to define 
the special list operations including the recursions which 
offer a convenient way to carry out searches. Spec list allows 
the treatment of all previously described specifications as 1f 


they were of type 'elm,' simply by using a combination of spec 
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list with each of the former specs. For example, by applica- 
meer or the first discussed spec property id using ‘list 
feeoperty 1d), “now the™new spec pidlist can be created which 
enables us to treat the initial data type 'pid' as 'elm' and 

the operator 'eqpid' as 'egelm.' This procedure has the advan- 
tage that we can stay within or continue with the logical 
structure of AM specifications as they were developed by Yurchak 
[Ref. 2] and Hunter [Ref. 3]. It furthermore is a contribution 
to the clarity and simplicity of our work since we can adopt an 
available technique. 

The typical list operators are 'nullst' which returns an 
empty list, 'firstelm' which returns the first element of a 
mcn list, 'firstlst' which retrieves the first list of a 
given list of lists, and 'restlst' which returns either the 


remaining elements or lists of a given list, except the first 


one. The meaning of these operators is expressed in several 
axioms 

firstelm(makelst(k)) = k; 

restlst(makelst(k)) = nullst; 


where 'makelst'is itself an onerator which takes a single 
element and returns a list containing this element as its 


only member 
makelst: elm --> list. 


Should a given list be empty, so that there is no first 
element or any rest, the application of these operators leads 


to an undefined result by the corresponding axioms. 
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In contrast to 'makelst,' the operator 'makenewlst' re- 
quires a list as an input and returns a list again. By this 
operator it then is possible to express the operation rir en E 


in the following axiom: 
flrstlst(makenewlst(1)) = 1; 


thus operator 'makenewlst' has an important function in order 
to indisputably describe the meaning of operator 'firstlst.' 
In fact, lt sometimes is necessary to define an additional 
operator just for the purpose of expressing an already 
developed operation in an unambiguous way. 

Operator 'catlst' allows us to concatenate two lists into 
one and also serves as a Significant tool for illustrating the 
meaning of the previous operations. The following axioms give 


an example: 


firstelm(catlst (makelst(k),1)) = k: 
firstlst(catlst(l,,l.)) = li; 
restlst(catlst(1,,1,)) = 15; 


These are just a few representative axioms dealing with the 
fundamental list operations. Many more are required to actuallv 
express our intentions. They can be found in Appendix B. 

Again, we face the initially encountered problem of how to en- 
sure that we did not miss any axiom of importance which possibly 
could result in an unwanted operation. So there is indeed no 
guarantee that our perception of the specified resource is 


precisely what the specification describes. 


Some other, not necessarily typical list operations also 
had to be introduced for the particular purpose of handling 
all the recently defined, database operations. Because these 
Operators are more complicated they will be discussed in some 
detail in the following. Each of them requires searching the 
database first before it can be applied or successfully ter- 
minated. Consequently an iterating process was needed that 
colita do the job. Due to its simplicity the RS ap- 
proach was chosen, which in general requires a termination 
condition and a certain pattern that reduces the overall prob- 
lem to smaller, solvable subcases. So, what we actually 
created was an archetype for each of the functions, containing 
its syntax and semantics, where the recursive definition can 
be considered as the prototype (compare [Ref. 9]). 

Operator 'delst' is a function that accepts two lists as 
an input and returns a list. The first list is the one to be 


deleted from the list of lists entered as the second argument 


< * . j * 
E delstli(1,),(1.,1,,1.0 > (ta) /*1,: list */ 


Es G 
Two conditions have to be met before this operator can legally 
be applied: The list from which we delete must not be empty, 


and the one being deleted must be contained in it, otherwise 


'delst' becomes undefined. The axiom 


Other approaches, like repeatedly applied function calls, 
sola also do the job. 


ean 


il Orí 
eqlst(1,,/nullst()), 
not (memblst (1, ,1,)) 


) = true() 
then 

delst(l,,l.) = undef; 
else if eglst (1, ,firstlst(1,)) — 'alsel) 
then 


makenewlst(catlst(firstlst(l,),delst(l,,restlst(1,)))); 
else makenewlst(restlst(l.)); 


endif; 
takes care of these cases. The next step then is to find the 
particular list li which shall be erased. The only way to do 


this is by testing list after list of l1, for identity um EI 


2 


If the one being examined ('firstlst(1,)') is not identical 


1° 


with the one to be deleted (1,), it can not be thrown away but 
instead has to be saved, and the operation must be repeated 

with the rest of list 15. This is achieved by the 'else-if' part 
of the axiom, until the identity is finally reached. By the 
'else' part, only the rest of liis: l» is then concatenated to 


the previous portions of l,, while the list searched for will 


be eliminated. 


Example: 
te ane | 
eqist[ (l,l lo, Ol, 
not (memblst[(1,),(1.,1,,1,)] 
) = true() 
then 
delst[(1,),(1.,14,,1.)] = nee i. 


12 


Since this condition does not hold in this example, the 


'else-if' part will be checked: 
Ee [(1,), (1,3) = false() 
then 
makenewlst[catlst((l ),delst((1,), (1,,1.))) ]; 
where 'delst' initializes the repeated application of the 
operation. During the second run the 'else-if' condition 


becomes true 
egist[(1,), (1,)] - true() 
and the 'else' part therefore is activated 
makenewlst (1); 
Ens leads to the concatenation 
eaclst (1 "a JE 
CS 
which is the final result in this case. 


This operation still retains the necessary level of abstraction 


since it would work for every data of type list. The structure 


of the database, as described 
the begining of this chapter, 


list theory. This issue will 


in the eleven specifications at 
supports the application of the 


be ie cussed in the next section. 


Operator 'getlst' takes a list li of lists and a particular 
list l, as input and returns the list corresponding to l, 
= * e 1 * 
getlst[(1.1:115,191;1,55) , (1, 12] > Lio 74 l.: list, / 
It is expressed in the axiom 
TE Or 
eglst(l,,nullst()), 
eglst(l,,nullst ()) 
) = true() 
then 
getlst (1, ,1,) = undef; 
else if egqlst (firstlst(1,),1,) = true() 


Jj. 


then 


Jc Ee) 


>) = firstlst(restlst(1,)); 


]/ 
else 1f eglst(firstlst(restlst(l,)),l.) - true() 
then 
getlst(1,,1,) = firstlst(l,); 


else getlst(restlst(restlst(l,)),l.); 

endif; 
The meaning may not be obvious at the first glance, SOME! 
explain it. The underlying principle is that we consider a 
list of this type as a combination of several pairs of lists. 


Thus, entering a list of lists (1, 1 JE 


Litas 1 ,.) and ones 


[ID 

(1,1) of such a pair shall result in retrieving the matching 
second part of the corresponding pair from the list(l.i;l.5; 
1,171525) - Again, precaution has to be taken for cases where 
this operation can not be performed. For example, when either 
of the lists is empty, then 'getlst' becomes undefined. The 
axiom is constructed in such a way that always a pair Of lust 
from the first list is checked against the second list which 
itself represents only one half of a pair. Should the first 
11.2 161: 152) ') be identical with 
the second list (1,1), then the matching part of the pair 


part or ene Ms ('firstlst(l. 


('firstlst(restlst(l SC 


Eq är bur bal ) will be returned as the 


result. Should the second part of such a pair ('firstlst 


(restlst(l 1 1 ') be -identical with list. Cee 


big 


then the first part of the corresponding pair will be retrieved. 


a O 


If no match occurs the 'else' condition applies, the recursion 


is activated and the remaining pairs from the first list will 
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Bememecked against the second list. So in case l, was not 


contained at all in li; list li will eventually become empty 
and, since it is not possible to retrieve a part of a pair that 
does not exist in the given environment, the operation must 
become undefined at that time. This is exactly what will 
happen by means of the termination condition for the recursion. 
Example: 
aT OY: ( 
eqist[(1.,-1,,) 
) = true () 


then 
getlst[(1 1,1.5;1,4,1,5) Oyn) = undef; 


Since this condition is not true, the 'else-if' part will be 
checked: 

else 1f eglst[(1,,)+(1,,)! = true() 
Mala 1S not true Cither, so the next 'else-if' condition will 
be checked: 

else if eglst[(1.5), (1,1) ] = true () 
since this is false, the 'else' part is activated 

else getlstl (1,712,711 0,1215 
which initializes the repeated application of this operator. 
In the second run, the first 'else-if' condition becomes true 

else if egqlistl(1,1) , (1,1) ] = true() 
so the following statement will be executed: 

then 

1 10 


getlst[(ly,i, b2 pi)! 1,5! 


FE EUrn ingol which is the list that corresponds with the 


2 
second argument l 1 in the described example. 


The next operator, 'sofirstlst' (set of first lists), takes a 
list as input and returns a list or, more precisely, it requires 


a list of lists and gives a set of lists back 


17185 


sofirstlst[l 1 1 Iw (0 be 


al az’ mbi sp al sot 
This special function was introduced to manage the operations 


where a set of first lists shall be retrieved: 


if ltnat(lenlst(1),succnat (succnat (zeronat ()))) - Er 
then 

sofirstlst(l) = undef; 
else if eqnat (lenl1st (1), succnat (succnat (zeronat ()))) 

= true() 
then 

sof£lrstlst(1) =*riws he (ha 
else catlst(firstlst(l),sofirstlst(restlst(restlst(1))))Ê 
endif; 


where the criterion for the operation to be defined is, that 
the list must have at least two elements that themselves are 
lists or lists of lists, which is stated in the 'if-then' part 
of the axiom. This is so because it would not make sense to 
apply ‘sofirstlst' to anything else besides a list of lists. 


The. termination condition will be reached when the lis Wr 


been reduced to just two sublists ('else-if' part). In all 
the other cases the first element of the first list ('firstlst 
(firstlst(l))') will be concatenated to the iterated operation 


'sofirstlst,' now applied to the remaining portion containing 
all other lists except the first one. Thus, finally, pr 


Operator returns every first list from the sublists of list l 


Example: 
DE (Lenart (Lua Lui hua < 2] = true() 
then 
sofirstlstil j,1.5,1,,;,1,,] = undef; 
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Since the length of list 1 = 4, this condition does not hold 
and the 'else-if' part is tested 
else 1f [lenlst(1. ,,1. 5,1, ,; 1,5) = 2] = true() , 
which is not true either, so the 'else' part is applied: 
else catlstl1_,,sofirstlst(1, ,1,,)1; 
thereby initializing the repeated application of the operation. 
In the second run, the 'else if' condition becomes true, 
since (1,171955) now has length = 2, so the 'then' statement 


is applied: 


sofirstlst (1, +1, ,) = Lu? 
which leads to 
catist[l ;,1,i] = (1 151.4) 


thereby returning the set of first lists from the given 
fest 1. 


The last operator to be discussed is called 'retobjlst'; it 
takes two lists as an input and returns a list. It was intro- 
duced with the intention to retrieve all the lists which meet 


a particular condition 


m L Tx Ct 


EDEN) 


yo gg li 


a 
=o > ( 1 


a 2 DEA 


So in some sense, this is the most useful operation because it 
allows us to search a big list for certain sublists without 
having to remember all the details about the sublists. The 
axiom is short: 

E eglst(firstlst(l,),nullst()) — true() 


then 


retobjlst(l,,l - nullst(); 


2) 


else if intlst(l,,firstlst(l,)) = l, 
then 
catlst(firstlst(l,),retobjlst(restlst(l,),l.)); 


MTS 


else retobjlst(restlst(l,),l.); 


endif; 
9 
and states that, if the overall list to be searched (1) tor a 
sublist is empty,this list can not be contained in iC ENDE 


the result is the empty list itself ('if-then' part), which 
also serves as the termination condition for Ene recite Tiori 


Should the intersection between the entered Irst l, and the 


first list of 1, be equivalent to l the entire first list of 


1 2 


1, will be concatenated to the repeated operation now applied 


1 
to the remaining lists of li ('else-if-then' part). This en- 
sures that the list will be completely scanned since more than 
one of the contained sublists could meet the given condi Gaga 
"E IE 1, does not occur in the particularem x= 


being searched at the moment, the intersection of both can not 


comprised in 1 


be equal to 1l and the 'else' part is activated. In this 


D / 
case the operation continues without saving the non-matching 


DOF ELTON 1, - When finally terminated, a concatenated list 


is available that comprises every single list of 1, meeting the 


L 


predefined requirement. 


Example: 
at egist[(1.1,;115,1.4), 0] = true() 


Since this first list of 11 is not empty, the condition does 
not hold and the 'else-if' part is tested 
i 


P 2. n o 
does not hold either, so the 'else pare ER 


retobjlsti((l,i hy, (ln e Laag besi le Lal) 


which initializes the repeated application of 'retobjlIst2! 


else if intlst[ ( 


In the second run, the 'if' condition is Stull net teu ee 
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the 'else-if' part is tested 
ESI cistT(l .), (1 des deemed 


b2 A o> 
since the condition holds, the 'then' statement is executed 
then 
catlst[ (1, ,,1,2) ,/tetobjlst((1_, +1 211.311, (1,,))1: 


which, again, initializes 'retobjlst.' 

a the third run, this leads to the application of 
retobjlst[0,(1,5)] 

but now the 'if' condition is true and the entire operation 

results in the concatenation of [(1 ) ; (1551] with the 


de 


pir 


empty list, which gives us (1 52! as the final result. 


Die 
As discussed earlier, the ENE mechanism has to be used as 

an intermediate storage process to ensure that none of the 
retrieved lists will be lost. By means of parameterization 

all the operators described in the mathematical part of the 

Hu errrcatron (spec property id through spec database) can he 
applied using the adequate list operations. This is achieved 
by short hybrid specifications (Spec pidlist through spec 
dblist) which combine the parameters defined in 'spec list' 

with the corresponding operators of the original specifications, 


giving access to all the operations of data type 'lst.' 


EMI: EUSTSSERUCTURE APPLIED TO DATABASE DESIGN 

In this section we describe how the application of the list 
theory supports the fundamental database operations. Since 
the structure of the abstract database can be compared with a 
large list, this concept will be discussed in more detail. 
Seabee OG wien the baste elements “property @d' and ‘value,’ 


each of the related data tvpes may be considered as forming a 


RE 


list containing just the single element <pid> or <val>, while 
their sets are represented by lists consisting of as many sub- 


lists as required, for example, 
<<pidl> A lg 


Consequently, a 'property' which is defined by a pid iE mE 
'valset' can be expressed by means of a list containing these 
two major sublists as elements, where the second list is itself 


composed of a number of single lists: 
« €pld»ys*wsvall^js$valtz | e 


Adding another '«' at the beginning and one '>" at the ena 
combines several properties into a 'propertvset.' Applying 
this technique to 'propertyvalue' which represents an instance 


of a property, the resultant looks like the following: 
<< el Val 


and the corresponding set can be created by combining the 


necessary number of adeguate ordered pairs 
< < <pidl>,<vall> >,< <pid2>,<val2> >,...,< SP M 


To construct an 'object' is now straightforward since th oE 
ject is nothing more than a particular 'propertyvalueset' it 
self. The 'objectclass' then can be considered as a number of 
different objects put into the same list. But caution has to 
be taken that we do not violate our definition of a class. 


Since objects can only be grouped together if they are struc- 


the same number of corresponding 'pids.' 


tured in a similar way, it is mandatory that they contain — 
12:0) 


A 'class' can be expressed by a list of the form: 


— led raga le EC LC > >, 
9 
ae oie van, a< <pidi>,<vali2> > >, 
stele val > >, eee, “par, <Valty> > > >; 


where the kind and number of 'pids' is the only criterion for 

associating a given object to a certain class, while any 'value' 

necessary for describing an object can legally be attached to 

a 'pid' as long as it is defined in the appropriate domain. 
Finally, the database can be treated like a big list con- 

taining several lists of the class type just described, where 

the same criteria must be met on a hicher level. To see how 

an operation on this list structure works, let's consider the 


disjoint operator for 'pidsets': 
intpidset(pidsetl,pidset2) --> pidset3; 
where, for example, 


RS = =< <p1ldi>,<pid2> >; 
Fm c — — = p1ldi>,<pid3> >. 


Invoking the parameterized spec pidsetlist gives us access to 
espec list and spec property 1idset.  'Intpidset' is then 
replaced by 'intlst' which bv substitution leads to the 
Operation 


Uu EE M Idls-sprd2^5.»,s sprEdU-*spid3» >). 


Since operator 'intlst' is handled by the recursive axiom 


Dee 
(eqlst(ll,nullst()) 
(eq lestes nurse) 
) = true() 
then 
Iintlstlf&iestlst Gi) fil yeas eee 
else if memblst(£irstìlst( bl aru 
then 
catlst(firstlst(ll) ,intlsct(resc att DEE 


true()), 


true()) 


endif; 


first the termination condition is checked, which means, if 
either of the two lists is empty then the intersection must 

be equal to the null-list ('if-then' part). "In cur part niii 
case they are not empty, so the 'else-if' part will be tested. 
Since the first list (‘'<pidl>") of lI °("<<pidl>,<pid aa 
contained in 12 ('<<pidl>,<pid3>>'), this condition ho MM 
the concatenated list ('catlst[<pidl>,intlst((<piq2- wm s, 
<pid3>))]') is created where 'intlst' invokes a recursive opera- 
tion on the rest of ll ('<pid2>') and 12 ('<pidl a G L EE 
This time, since neither the 'if' nor the 'else-if' part is 
true, the 'else' condition is applied which leads to a repeated 


operation on the rest of ll and on 12: 
dE LI SEMI OE 


Now the 'if' part of the axiom becomes true which returns the 


empty list. This results in the concatenation 
catlst(<pl <>! 


and gives '<pidl>' as the intersection of 11 with 12. 


T 


EN LIST RETRIEVAL 
In the previous sections we developed the abstractions of 
the database resource and discussed the set of operators that 
apply to database programming. In AM (version 2.0) the 'state' 
of the machine consists of the aggregation of the memory, 
register, stack cell contents, display register and monitor. 
We will now extend the 'state' to include the new entity 'queue. 
1. Background on the Processor Resource 

For a better understanding of the applied extension, 
in the following paragraph a brief description of AM, taken 
from Hunter [Ref. 3], will be presented. 

In AM (version 1.0) the five primitive data types, 
boolean, natural, integer, character, and string, form the 
atomic data types and are referred to as 'atoms.' Yurchak 
[Ref. 2] as the implementor of AM discussed the impact of the 
relationship between the data and a conventional machine on 
portability issues in detail, and identified the following 
properties of AM which were used to reduce the "semantic gap" 
and give AM its uniqueness: 


- in the organization of primary storage, the next 
logical data item is in the next logical address; 


- except as formally specified, no data type may be 
accessed in any way, as another data type; 


= given any arbitrary logical address, the value stored 
there and its type can always be determined. 


The processor portion of AM is an abstraction of a conventional 
"Von Neumann" machine with some unconventional properties. 


The only machine element is called a 'value.' All data 
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primitives (atoms) map into values. Spec typing, as introduced 
by Hunter, describes the relationship of 'values' and 'atoms.' 
As an illustration of this relationship consider the inter- 
sect operation on two 'pidsets.' We fetch the value represen- 
tation of the first 'pid' of each set from two registers, and 
convert each value to its 'pidset' atom with the 'atomofpidset' 
operator. The 'pids' are intersected in accordance with the 
'pidset' data type, and the resulting 'pid' is converted back 
into a value with 'valofpidset' for storage into a register. 
The operation will be continued recursively until both 'pidsets' 
are completely intersected. 

Primary storage 1S an array of one or more memory seg- 
ments, each of which may contain an arbitrary number of cells. 
Each cell is capable of "containing" any legal data value. 

Both programs and data may reside together in a single segment. 

For high speed storage, there are one or more register seg- 
ments, each of which contains an arbitrary number of registers. | 
AM also has one or more stacks, a heap, a crude file svstem, 
and now a queue. Again, every register, stack and queue cell | 


is capable of containing any type of data. 


others needed for the execution of programs. These are in- 


The basic atomic data types are augmented by several 
structions and memory, register, stack, file addresses, and | 
| 
| 


the queue. 
Za The Queue | 
The value representation of the new data types 'pid,' 


'pidset, 'val,' 'valset,' 'prop,' 'propset,' 'pval,' 'pvals 
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Eb class, and 'db,' may be placed in any memory, register, 
or stack cells with one exception: whenever a set of 'pids,' 
'vals,' 'pvals' or 'objs' will be retrieved, they can not be 
displayed until they are first placed in the queue. The con- 
cept of the queue is similar to a stack. Since we do not want 
the programmer to have access to the "inside" of the queue nor 
want to provide facilities for altering the queue in any way, 
we make its use only available for the very special purpose 

of acting as a buffer for the data retrieved from the database 
SO it can be returned to the programmer when a search is com- 
plete. The reason for introducing the queue is that the order 
always matters in a database. Thus, a stack which reverses the 
sequence between inputs and outputs would not work for this 
Case. The queue preserves the order in which data is entered, 
and although queue operations are more difficult to specify 
than the stack operations, it finally was adopted. 

To make the queue mechanism operational in a similar 
way as the stack, instructions were installed for opening/ 
closing and reading/writing ('spec instructions'), while the 
operations for defining the state of the queue and their meaning 
were added to 'spec amstate.' The program portion is described 
in 'spec am' which makes the queue an integrated part of AM. 

The database résource can be invoked by the operator 
'Opendb' which requires a characterstring as identifier, a 


database, a state, and returns a state. Provision for closing 
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the database is made by the operator 'closedb' which requires 
a database and a state as input and returns a state, thereby 


terminating the access. 
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VI. IMPLEMENTATION 


At present, only the original AM, version 1.0, is imple- 
mented and operates as a finite state machine interpreter. IE 
comprises approximately 12,000 lines of C code, including the 
assembler. Developed by Yurchak, the overall concept for the 
assembler is as simple as it is effective. A text file repre- 
senting an assembly language program is translated by the 
assembler into a relocatable object module. A loader, part of 
the AM interpreter, then loads this object module into the 
appropriate cells, and AM executes it. The reader is referred 
to Appendix C for more details about the assembler. 

Since Yurchak [Ref. 2] as the originator provides a complete 
description of the AM implementation, we will repeat major 
portions of his work but also consider points of interest found 
in Hunter's [Ref.3] description of the version 2.0 extension 
while finally adding some examples and discussion of our latest 
modification towards AM, version 3.0. 

For time reasons, neither the bit-mapped display nor the 
database resource have actually been implemented. Rehosting the 
original AM, version l.0-Unix from a VAX 780 to a Zenith 2100 
microcomputer by Hunter manifested once again all the typical. 
difficulties known as "the portability problem." This rehost- 
ing required approximately 350 functions to be renamed 


throughout the 12,000 lines of code, since the compiler and 
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linker now used operate on shorter character names only. 
Another problem Hunter faced during the re-implementation of 
version 1.0 was that, although the Unix C compiler allowed 
passing of structures by value, the Lattice C compiler io Ka 
Zenith version does not, so the entire program had to he 
converted to passing structures by pointer. Thus major parts 
of the initial AM had to be modified or rewritten by Hunter. 

But despite these problems usually encountered when porting 
software, the number of test programs developed for the Unix 
version run on the Zenith Z100 with the same results. So far 
the assembler has been revised to handle the full extension 
for both versions 2.0 and 340 ine luding all new data types, 
the resource extensions, plus some additional operators for the 
original data types, as mentioned before. The machine itself 
however, has not yet been extended to handle the new data types 
introduced by the gradual modification. This remains for 
some future work. 

After this description of the present state of the AM 
development, we will now continue with the overview of the 
implementation. There are four main areas: the representation 
of data types, the mapping of operators in the specification to @ 
functions in the interpreter, the handling of errors, and 


the execution of a program. 


A. IMPLEMENTING DATA TYPES 
Since it provided an easy translation from the specifica- 


tion, C was adopted by Yurchak as the corresponding Programming 
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language for AM. But as he states in his work, another 
language, like LISP might have done the job as well. 

AM is a tagged architecture. Each data element or value 
must be self-descriptive. As Hunter points out, it is impor- 
tant to realize the distinction between an atom which corres- 
ponds with a data type, and a value. In contrast to an atom 
that is referred to as sort in our specifications and repre- 
fees a problem solving abstraction like ‘pid’ or 'obj' for 
the database, a value embodies a machine element. Furthermore, 
an atom is representation independent and keeps its level of 
abstraction, while a value is the specific representation of 
such an atom. Representation independence is achieved by cer- 
tain conversion functions (Appendix B) that map all atoms into 
appropriate values and vice versa. This translation technique 
enables us to determine the type of a value solely from the 
value itself, which is one of the EE properties of AM 
and gives the machine its tagged architecture, introduced to 
ease the "portability problem." The most likely construct to 
Ede tuis feature is a structure (record). 

Each atom is represented in C-language as a structure con- 
sisting of a 16-bit tag field, and a value field. The size of 
the value field varies with the type. GE sort in the speci- 
fication, as the equivalent to an atom, is assigned a 16-bit 
code. Whenever an atom is created, or copied, it is tagged 
with the appropriate code. Figure VI.1 lists some fragments 


from the header files used by our interpreter and represents 
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the 'natural' data type which has a simple value field. 
Hunter [Ref. 3] compressed the initial term 'NAT TYPE' to the 


handier 'T NAT' for the reasons given above. 


Fae fines lei DP 0x0002 MAULE EN 
typedef unsigned intnat; 


Evpeder Sc uc 


EE 
nat val; 
} NAT; 
Figure VI.l. Type Definitions for Natural 


By using a fixed size tag field as the first field in each 
record, we build in some additional robustness since, even 
in the event of a mistyped structure being copied into the 
formal parameter of a function, we can rely upon the first 
word to be a valid code (the type). 

The next step is to describe the structure for machine 
values that must be capable of containing any atom. To manage 
this problem, Yurchak introduced the union operation which 
involves every single sort defined in the specifications so 
that any atom can be represented by the value structure. Due 
to the "Z100" characteristics, the value structure is divided 
into portions of two bytes for the tag field and four bytes 
for a pointer; the data type's value will be represented 
either directly in such a value field or, if Jt cun" notes 


expressed within the space of the four bytes available, 
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a pointer to its real location is used. String and list struc- 
tures are examples that use pointers since their size is varia- 
ble and usually large. : 

Maes, Vio 2 shows the concept of the union structure for 
machine values VAL. Because the number of data tvpes increased 
very much in the latest modification of AM, only a sample of 
the values actually present is given. Hunter [Ref. 3] also 
notices that INSTR itself represents a VAL pointing to another 
nach contains the instruction's opcode. By this tech- 
nique it becomes possible to fetch and store instructions, 
thereby allowing us to put a program into memory and to execute 
D. 

The primary physical resources are also defined as struc- 
tures. A sample of these resources is presented in Figure VI.3. 
Registers, display registers, memory and stacks are represented 
as arrays of arrays of pointers to values. The reader should 
note that a simple change to the constants in the header files 
can completely alter the configuration of the machine. We 
can specify an arbitrary number of arbitrary long memory, 
register and display register seaments, as well as different 
sizes for an arbitrary number of stacks and the queue. Data- 
base and file are represented as an array of structures, with 
ar eiles containing an input/output buffer in addition to the 
Status information contained in both. The number of separate 
databases or the number and type of files can be changed by 


recompiling the corresponding module of the interpreter. 


qun 


typedef short opcode; 


typedef Struct A" 
short type; 
union value *val; 

} INSTR 


typedef union value { 
short types 
opcode opcdval; /*this is the compressed version 
of the initially used term 
'opcodeval'*/ 


BOOL boolval; /*starting here the data types 
INT intval; are listed*/ 

FONT fontval; 

LIST listval: 

MAD madval; /*memory address*/ 

QADDR gaddrval; /*gueue address*/ 


INSTR lnstrval; 


MOP mopval; /*monadic operator*/ 
DOP dopval; /*dyadic operator*/ 
] VAL; 
Figure VI.2. Machine Values 
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typedef struct { 
int size; 
VAL **val 
} memseg; 


typedef struct { 
inte Size; 


int sp; 
VAL **val 
} stkseg; 


typedef struct { 
ee Ss Ze > 
VAL  **val 
) gseg; 


edet struct Í 
int stat; 
int mode; 


int type; 
Tmc eval; 
} fileseg; 


typedef struct { 
inte stat; 
NES val; 
} dbseg; 


#define NUMMEMSEG 


° 
, 


° 
, 


° 
, 


#define NUMSTKSEG 


#define NUMQSEG 
#define NUMFILES 
#define NUMDB 


memseg mem[ NUMMEMSEG! 


1027 0 
W240 


° 
f 


stkseg stk[ NUMSTKSEG] 


ZO 
qseg q! NUMQSEG] 
5 55.12; 0 


Lg 
= í 


| 


Figure 


j= 
I OR 


/*memory segment*/ 


/*stack segment*/ 


/*queue segment*/ 


/*file segment*/ 


/*database segment*/ 


1024 


/*de£ined for 1 database*/ 


VI.3. The Physical Resource 


With respect to the characteristic requirements for re- 
trieving selected contents from the database, the queue was 
provided to act as a buffer. Since this is the Primary edson 
for the queue, its accessibility has been limited to serve Just 
this purpose. There are 11 tact on tecno Eno: accessina 
the queue, either directly or via main memory and register 
operations that directly lead to the physical address of the 
data. The database must be opened similar to a file in order 
to perform the desired operations, and must be closed again 


when the operations are terminated. 


B. MAPPING OPERATORS TO FUNCTIONS 

It seems natural, although incorrect, to look at the 
Operators in a spec as functions. However, in the implementa- 
tion, this makes perfect sense. Figure VI.4 lists the code 
for the AM module which implements the boolean type. The 
header files which provide the constant definitions are omitted 
here. Notice that, where possible, we rely upon the operations 
provided by the C language, rather than slow down an already 
Slow interpreter with axiomatic implementations of the 
operators. 

As the implementation proceeds to more complex specifica- 
tions, the program relies less upon C and more upon the opera- 
tors which we have defined. In fact, the more complex operators 
are implemented as calls to previously defined functions which 


almost directly mimic the axioms from which they are derived. 
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E@OLtrUS = í T BOOL,l T; /*the initially used BOOL 
TYPE was replaced by the ` 
more complex term T BOOL*/ 

EQOLEalse { T BOOL,O }; o 

POOL “not (a) 

ZER a; 


BOOL “Emp; /*'tmp' was installed by 
Hunter*/ 

tmp - (BOOL*)tmalloc(í(sizeof(BOOL)); 
Emp type = T BOOL; 
tmp->val!= a->val; 
return (tmp); 

} 

BOOL *and (a,b) 

BOOL *a,*b; 

{ 
SOOL” “emp ; 


ce — WErOOn* |Emalloc(sizeof(BOOL)); 
puppe — T BOOL; 
cp >Va— (a->val&sb->val); 
return (tmp); 

} 

BOOL *eqbool (a,b) 

ZOOL, *a,*b; 

( 
PSOL “Emp; 


tmp - (BOOL*)tmalloc(sizeof (BOOLD)); 
mes ctype — T ROOL; 
tmp->val = (a~>val == b->val); 
return (tmp); 

} 

meom *neboolía,b) 

ESOL *a,*b; 

} 
ESOL. ^p; 


tmp = (BOOL*)tmalloc(sizeof(BOOL)); 
EE BOO Ty 
pues vat — (a-^val !- b-?vat); 
return(tmp); 
) 
BOOL *or(a,b) â 
BOOL  *a,*b; 
{ 
POOLT Cmo; 


Figure VI.4 Operator to Function Mapping for Type BOOL 
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tmp = (BOOL*) tmalloc (sizeof (BOOL) ); 
tmp->type = T BOOL; 


tmp->val = (a->val : b->val); 
return emp) 


Figure VI.4 (CONTINUED) 


C. ERROR HANDLING 

The method of treating errors was entirely revised by 
Hunter. All errors in the specifications are now described with 
the 'undef' operator. By definition, that makes all errors 
fatal, but they need not be. Those errors which are not, must 
then be defined explicitly in the specification. As remarked 
earlier, a more detailed treatment of errors would be an area 
por furcher study: 

AM flags most errors ın the operators which perform data 
conversions. This is a natural place for this to occur, since 
it is difficult to see how the type of a data element may be 
changed at any other time. Figure VI.5 shows a fragment which 
implements the 'property id' conversion routines. Miera 
'error' does not return, but terminates execution after writing 
the error message to 'stderr.' Notice that, even if a much 
larger structure was passed to 'atomofpid' or 'valotprd NM 
error would be detected and handled gracefully. 

This type of error checking is also performed in the func- 


tions which implement data operations. 


So 


Ee 1.0 (7) pom In SImEtomotfpid :*/ 


EAT ^v; 
{ 
PID *b; 
m pe $= V PID) Pee Gee term tor PID VAL*/ 
errcr( value not o£ type PID -%x", v->type); 
oe — (ei p*) tmalloc (sizeof (PID) ); 
D type = T PID; FN WE m ror EE TYPE*/ 
b=>val = v->pidval.val; 
eturnt(b); 
} 
ES *vlpid(b) "IN Ort Form for valofpid*/ 
HERD  *b; 
{ 
MAD. ^v; 
WD -type != T PID) 
error("atom not of type PID -3x", b-»^type); 
v = (VAL*)tmalloc(sizeof (VAL) ); 
ve pudval- type = V PID; 
v->pidval.val = b->val; 
return (v) ; 
) 
nc Enror Handling Routine for Property id Type 


FEW EXECUTION 

The final point of interest involves actually executing a 
program. The method is also illustrative of the way in which 
the program mimics the axioms of the specification. Here, 
too, we resort to subterfuge to implement ina finite way a 
specification which could require the expenditure of an infinite 
resource (an implied stack in this case). The problem is the 


corecursive relationshio between the functions 'xeq' and 


'prog.' We eliminate this problem by never actually returning 
from 'xeq.' We rely on a dangerous but effective C idiom, 
Sue and “longjmp.' Figure VI.6 illustrates this. 


hey 


main(argc,argv) 
char *argv[]; 


{ 


int ap, /*check for toggles 
for (ap=l;ap<argc;aptt) { 
y£. (sap yi ap]; n 
1£ (*Cargvl[ap]+1 — a 
traceflaq = 1; /*added by Hunter*/ 
xtracetlag = i; | 
it (*(aravlap]tl) == P tc) 
traceflag = l; 
) 
} 
inet) / main Body, 
amload(); 
ser mo contes 
O = proga TE O); 
exit (0); 
STATE DECC Umso /* program fOr PROS 
MD DU ^m; 
STATE g; 
q = xegqlatinstr(fetehm m o sm 
, /*short term for atomofinstrag 
STATE xeq(i,m,q) /*program for ess. 
INSIR Fi; 
MAD "me 
STATE g; 
{ 
OPd 5D; 
18 (1>typel=T TNS) /*shortustrerm_ ros INSTR TYPED 
error("attempt to execute non-instruction -%x", 1->type) 
p = 1->val; 


switch (getopcode(p[0].opcodeval) ) { 
/*a case and semantics for each valid opcode goes 
here*/ 
detalles 
error ("attempt to execute an illegal instruction — 
p[0] .opcodeval) ; 


long] Mp (Seen tex er ae 


Figure VI.6. Program Exec eniem 
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In 'main,' 'initam" configures AM and invokes all of the 
initialization operators.  'Amload' loads a program from secon- 
dary storage into the appropriate cells as directed by the 
linker directives in the object module.  'Setjmp' then saves 
EL .- ort cune real” machine. The variable " pc' is the 
program counter which is set inside 'amload.' Now everything 
is set. The program is loaded and ready to run. 


'Prog' is now called. Notice that 'prog' simply invokes 


'xeg.' Recall now the axiom which defines the semantics of 
execution: 
puesmegd) = «eq (atomofinstr (fetchm(m,q)) ,m,q); 


The value of a language which permits usefully long names is 
obvious in this case. Within 'xeg' a large case statement 
decodes the instruction and executes it according to the 
semantics provided for that case. This semantics is very closely 
modeled on the axioms in the specification. Figure VI.7 shows 


one such case and its accompnaying semantic action. 


case IM M M; 


Ps Or em 
fetchm ( 
&pll].madval, /*val of memaddr pointed to 
E | 
q I*a stattet 
) ; 
d &p[2] .madval, 
q 
i; 
£ lte Ne 
break 
E rhe Semantics for mov m m' 


|l 


Now compare Figure VI.7 to the axiom for mov m m. 


xeq(mov m m(ml,m2),m,q) - 
prog( 
nxtmac sm 
storem( 
Leteohmuum | cn 
ma 
q 


JE 


The -similarities are mot ccevoemr: om This should make vere 


point that it is beneficial for the implementation language 


to permit such a close modeling of the specification. Obviously, 


this made the implementation easier to write, debug and 


understand. 


E. DATABASE IMPLEMENTATION ISSUES 

Similar to a file system, the database consists of two 
major parts: the information contained in it and the program 
that allows the user to manipulate this Let EEN Once 
implemented, both program and content of the databases are 
rather fixed, although the information part can gradually be 
changed by iterated application of the appropriate commands. 
Thus in general the user is limited to retrieving or modi na 
the stored information, but this is the main purpose of a daca. 
base. Should a conceptual change of the — become necesa 
Sary after a while, it is more convenient to revise the kind 
and arrangement of the data, and let the entire database then 


be re-implemented by an application programmer. 


J40 





Theoreticallv, there exist no boundaries for the size of 
our abstract database, which means objects can be defined by 
any number of propertyvalues, and classes may contain any 
number of objects. But in reality we cannot ignore the capa- 
bility of the available physical resources. Since databases 
tend to increase rapidly, the capacity of the attached storage 
device will set the natural limit. 

Practically speaking, a user would need a DDL tool to 
effectively create a database, just as a compiler would be 
needed to effectively write programs for AM. The purpose of 
this thesis however, is to give a precise specification of the 
low level resources needed for a database. 

The particular commands accessible by the user will be 
fully integrated into the AM instruction set.  Thev mainly 
consist of the operations described in spec objectclass and 
Spec database and are considered sufficient to perform all the 
necessary data manipulations. The operators provided permit | 
the insertion and deletion of an object into/from a given class, 
the update of an object by modification of its contents, and 
the selection of one or more objects in accordance with a 
predefined condition. As soon as the database part of AM is 
invoked (instruction 'opendb') these commands can be applied 
to the contents representing tbis database after they are 
Brought into main memory first. For any change, data are 
fetched from their memory location, loaded into a register, 


and stored back when the operation is completed. After 
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termination of the desired activities the database must be 
closed (instruction 'closedb') and the data will be transferred 
back to secondary storage. This procedure ensures that the 

data residing in secondary storage at the end of the operation 
always represent the actual state of the database. A presorting 
of data outside main memory is not feasible, since we do not 
presume the existence of an additional processor which is usually 
known as back-end computer. 

To select an object on the basis of a certain entity by 
which it is defined, called 'propertyvalue' ('pv') in our 
terminology, the characterizing 'pv' will be loaded into a 
register as a comparand. Identified by the corresponding 


‘property Lë of this 'pv,! the class possibly contain K 
required object is then localized and the entire 'ov' set of 

its first object will be loaded into a separate set of registers. 
If a match occurs between the comparand and the register con- 
taining the adequate 'pv' of the object, the total GE set is 
copied into the queue and the next object will be loaded. If 

no match takes place the procedure will be continued without 
storing the object in the queue. When the entire class has 

been searched, the 'select' operation terminates and the resul- | 
tant object(s) can be read from the queue. The state of the 
database will not be changed by this operation since only a 
partial copy is taken. But it can not be excluded that MANSON 
the objects would meet the criterion searched for rr Fo 


case no copy will reside in the queue and the returned 'pv' 


set 1s empty. 
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In contrast to the 'select' operation, which can be con- 
sidered as a read function, insertion, deletion, and modifi- 
cation actually do change the given state of the database, so 
these operations are a little more complicated. Inserting 
eed Object requires, besides the "pv" set that defines it, 
the class to which it is inserted. This technique ensures that 
no object accidentally will be inserted which is not attached 
NM certain class. Without this restriction, the structure 
of the database could be changed in an unacceptable way. When 
the class has been identified by comparison of the correspond- 
Diem property ids*' the new object will be added at the end of 
that class. An error handling routine is invoked should the 
reguired class not exist. 

At this point the question must be answered where the special 
identifier or 'key,' mentioned in a previous chapter, would 
best fit. Such e device is necessary to distinguish between 
'pv' sets which incidentally are identical, although they may 
represent different objects, or to detect an unwanted redun- 
dancy. Only an identifier that 1s unique to every single ob- 
ject can meet this requirement. However, the simple arrangement 
of the objects in a numerical order would not work, since by 
mistake the same ee m could be listed under different numbers 
without the means of recognizing the error. The only way to 
solve this problem is by introducing a key value that can only 
be applied in connection with the particular object it defines, 


like a social security number or a similar characteristic 
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attribute. We adopt this technique but leave the selection 

of the proper criterion up to the application programmer. 
However, it is considered advantageous always to define the 
first 'property id' of a class as the key element. Th R M 
allow the arrangement of the objects in a numerical or alpha- 
betical order with regard to their identifiers. 

Deletion and modification have one thing in common. The 
particular object must be retrieved first before the operation 
can be applied. This will be achieved in a similar way as for 
the 'selection' operator. The 'pv' set of the object in ques- 
tion is loaded into a set of registers and the appropriate 
class is identified. Then the 'pv' set representing the first 
object of the class is loaded into a Separate set of registers 
and checked for identity. As soon as a match occurs the search 
stops. In the case of a modification the up-dated 'pv' set 


will be stored in memory and the pointers are adapted to the 





new location. For a deletion operation the pointers are advanced: 
and the "erased" object will be by-passed. If the indicated ob- 
ject cannot be found in the appropriate class, an error handling 
routine is activated and the state of the database will not 


be changed. 
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VII. CONCLUSIONS 


Interface standards that are precise, understandable and 
enforceable can provide a way to improve efforts toward porta- 
ble software. With the abstraction of a database, we not only 
extended AM by adding another basic resource to the processor 
and the visual display device, but also showed a way to reduce 
the database to its fundamental properties. Rather than being 
concerned with a specific data definition or query language, 
our abstraction of a database is intended to provide a uni- 
RON, abstract, and functional interface to the computing system. 

By this concept the application programmer retains all the 
freedom he needs to actually implement the database resource 
in a way that fits his purpose best. And although it mav turn 
out that the AM machine becomes even slower as the result of 
MW Wadditional data types we introduced, the specified axioms 
fully describe the operations in a precise, unambiguous and 
easily understandable manner, thus leaving no room for any 
different interpretation by the programmer. 

Based on the principle of resource abstraction, the AM 
specification intensively supports a strong typing such that 
objects of a given type can not take other values than the ones 
appropriate to the tvpe, and no operations can legally be 
applied to an object which are not defined for its type. All 
these decisions naturally reduce efficiency, but this loss 


will be compensated by gains in clearness and accuracy. 
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It is difficult to foresee how much AM can be modified for 
efficiency without compromising the level of abstraction pre- 
sently achieved. To test for resource equivalence or to prove 
the correctness of implementations of resource specifications 
is a nontrivial matter, and this problem certainly will in- 
crease with every change attempted. So, for the near future, 
it seems that we have to nay the price for implementing in 
a strictly formal way, since no promising theory is yet known 
to reduce the Jarge number of necessarv parecer calls within 
the specification. 

Further basic resources that could be taken into consider- 
ation for a possible AM extension are a so-called mouse device 
with properties similar to the joy stick cursor, and a 


keyboard, 
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APPENDIX A 


A GRAMMAR FOR ALGEBRAIC SPECIFICATIONS 


abstraction: 
(abstraction spec)? 


spec: 
(spechead|parmhead) specbody specend 


spechead: 
nameblk '1s' 


parmhead: 
nameblk 'parm' specbody 


Ts 
specend: 

'end' specname ':' 
nameblk: 

'Spec' specname 


specbody: 
extension? specblk 


extension: 
extendblk specblk 'end' 'extend' ';' 


extendblk: 
'extend' specnames 'with' 


Specnames: 
specname 
|specnames ',' specname 


Specblk : 
useblk 
|sortblk? opblk axiomblk? 


useblk: 
'use' specname '(' specname ')' mapping? specblk 
'enduse' 


mapping: 
'where' eqivlist 


equivlist: 
U 1 


equivalence '; 
leguivlist equivalence ';' 
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equiva lenge. 
sortname.'1s wsorename 


|opname 'is' opname 
SOrtDIk: 
'Sort' sortnames 
sortnames: 
sortname !';' 
|sortnames sortname ';' 
pnl: 
primblk? dervblk? hiddenblk? 
primblk: 
'primitive' 'op' ops 
ODS: 
op ' . ' 
|ops op ';' 
Op: 
opname ';' arglist? '->' sortname 
arglist: 


sör name 
larglist ',' sortname 


dervblk: 
dervops dervdef 


dervops: 
'derived' 'op' ops 


dervdef: 
‘derived! ‘def' axioms 


hiddenblk: 
'hidden' 'op' ops 


axiomblk: 
OXON axioms 


axioms: 
axiom ';' 
laxioms axiom ';' 


axiom: 


conditional 
| ('for' varlist 'in' sortname)? termexpr '-' termexpr 
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eermexpr : 
factor 
|multiplier? opname '(' factors ')' 


mee tOrs : 

factor 

estores ',' factor 
PACTO YX: 

mutter? opname '(' 'j"' 

| freevar 
varlist: 

freevar 

Eu £reevar 
mpdtiplier: 

Fee o itive number * | ' 
eendi tional: 


BI mu sot meta relop termexpr Chen “else? 


Matan relop: 


then: 
senen Axioms 


else: 
L JS LOs 
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'endif' 


APPENDIX B 


THE SPECIFICATION FOR AM (WERGIONWJO OP 


replace() 
"NUMINTENS" 
with 
"199 11 


replace () 
"DISPLAYSIZE" 
with 
"9999" 


replace (X,S) 
"equrvrel(X 5); 
with 
“X(i i) = true( s 
A cec O e 
impliesland(X(1,3),X(I,K)),X(1,Kk)10= r o TM 


replace(X,S) 
"reflexive(X,S);" 
with 
a qeu IEHCT MD 


replace(X,S) 
"commutative(Xx,S);" 
with 
EE Ee 


replace(X,S) 
"rransrtive(x S); 
with 
"Amplies(and(X(i,j),X(JR))QX (ur RO) p Ei n oD 


replace(x,S) 
"associative(X,S);" 

with 
dx X de xU Ime 





replace(X,S) 

mibeine: Lexive(xX,S);" 
with 

(Jl) = false();" 


replace (X,S) 
B aumetric(X,S);" 
with 
BmbttresXOr,;3),X(j,i1)) = truel); 


"Ñ 


replace (X,S) 
Bantrisymmetric(X,S);" 
with 
Ermarires(and(X(1,3),X(j,i1)),(i == j)) = true(); 


replace(S,T) 
a opers(S,T);" 
with 
potartT: > S; 
MEÉXET<S > S; 
mimevi:s:S > S; 
F. S.S — bool;" 


replace(s,T) 
arcuaxrloms(S,T);" 

with 
"prevS(startT()) - undef; 

prevS(nextS(i)) = i; 

1f 1 != startT() then 
nexts (prevS (1) ) 

endif; 

eguivrel(egS,S);" 


I o~ 


) 
de) 


I; 


replace(S) 
"typingopers(S); 
with 
"typeS: > type; 
“morc: val > S; 
OEOD: Ss > val;" 


replace (S) 
"typingaxioms(S); 

with 
"whattype(valofS(t)) 
atomofS(valofS(t)) - 


= typeS(); 
Ë. 


TSI 


if whattype(v) typeS() 
then valofS(atomofS(v)) 
else atomofS(v) undef; 


endif;" 


replace(S,T) 
Fe Lope 
with 
Papp ly Lop (STG) Vinee) 


atomors(vZ) i) 


replace (S) 
“isops(S);" 
with 
"if whattype(v) types () 
then applybop(isS(),V) 
else applybop(isS(),v) 
endif;" 


replace(S,T) 
"stacreaxzioms S n) ° 
wi thi 
"fetchS(a,initam()) undef; 
storeS (fetchS(a,q),a,q) = q; 
implies ( à 
eqT(al,a2), 
fetchS (al ,storeS(v,a2,q)) 
) = teruel); 
implies ( 
not (eqT(al,a2)), 
fetchS (al, stores (v,a2,4)) 
true)" 


JN 


replace 
"crpidset" 
with 


"pidsetlist.makelst" 


replace 
"unpidset" 
with 


"pidsetlist.unlst" 


replace 
"intpidset" 
with 


‘pidsetlist intl! 


Vi 


valofbool CTs (atomorsS a. s 


vadiotocou c 


valofbool(false()); 


teten tale) 


/* database part */ 


| 
LI 
NO 


replace 
"mempidset" 

with 
"pidsetlist.memblst" 


replace 
"crvalset" 

with 
"valsetlist.makelst" 


r place 
"unvalset" 

with 
evalsetlist.unlst" 


replace 
"intvalset" 

with 
"valsetlist.intlst" 


replace 
"memvalset" 

with 
"valsetlist.memblst" 


replace 
Egetd " 

with 
mecoolist.firstlst" 


replace | 
"getvalset" 

with 
Mo» list.restlst" 


replace 


MERprop” 
with 


Mproplisticatlst" 


replace 


T erpropset' 
with 
"propsetlist.makenewlst" 


lle 


replace 
"unpropset" 
with 
EE EE 


replace 
"intpropset" 

with 
"propseclist.int1s 


replace 
"getidset" 

with 
"OrOpsetlisessOblys tice. 


replace 
"mempropset" 

with 
"propsetlist.memblst" 


replace 
CrYpropval] 

with 
“PValtast.cat lst” 


replace 
"qebpyd-^ 

with 
Moved qst sucus 


replace 
"getval" 

with 
"pvallist.restlst" 


replace 
"memprop" 

with 
"pvallist.memblst" 


replace 
"crpvalset" 

with 
"pvalsetlist.makenewlst" 
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replace 
"unpvalset" 

with 
Bevalscelise.unist” 


replace 
"intpvalset" 

with 
Mevalset1ist.intlst" 


replace 
"mempvalset" 

with 
"pvalsetlist.memblst" 


replace 
“mempset" 

with 
"pvalsetlist.memblst" 


replace 
"getpidset" 

with 
"pvalsetlist.sofirstlst" 


replace 
Gel OD” 

with 
"Objlist.makenewlst" 


replace 
"readobj" 

with 
"objlist.makenewlst" 


replace 
"haspval" 

with 
"objlist.memblst" 


i place 
"getopidset" 
with 
o li SC. Sorirstlst”" 
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replace 
Ce be vane 

wren 
"obglrstegetlste 


replace 
"crclass" 

with 
"classlist.makenewlst" 


EE 
UT 

with 
“Classlast.unlse 


replace 
rintelass" 
with 
"Class list. leas 


EEN E 
"memclass" 
wl 
"class kist. memb iSi 


replace 
"subclass" 

with 
"classlist.memblst" 


replace 
EE EEN 

with 
"oclasslystssoterstlet: 


replace 
"ASOD ys 

wl Eli 
"oclasslist.caty]lst" 


replace 
“Ce TOD 

with 
"classlistudelst'" 


1:36 


replace 
11 crdb" 

with 
"dblist.makenewlst" 


replace 
"memdb " 

with 
"dblist.memblst" 


replace 
"insclass" 

with 
Edolist.catlst" 


m place 
"delclass" 

with 
"dblist.delst" 


m— lace 
"retclass" 

wath 
sablist.intlst” 


replace 
"retobj" 
with 
Nao list. retob31st" 


place 
"getbdbidset" 
with 
ela Sipser westist™ 


replace 
GHG To Tim 
with o 
MUS Estos s 
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database part 


i 


spec boolean 
1s 
Sor 
BOSA 
primitive 
Op 
true: >) bool. 
false: > bool; 
not. Doo al 
and: bool, bool pool; 
derived 
Op 
Ör: bool, Dool 5990 
implies: bool, book = Dooi; 


derived 
def 
or (bl b2) EES 
implies (b1l,5b2) = noeland(>l newts 
axiom 
false() = not(true()); 
not (Me tio) =D 
ana (true (Mio A 
and (false(),b) = false(); 


commutative(and,bool); 
end boolean; 


Spec natural 
is 
extend 
boolean 
WITH 
sort 
nat; 
primitive 
Op 
Zeronat: >» nar. 
prednat: nat se nar, 
S. CC hat. NaC nas: 
sumnat:. nat; nat >= "Mars 
subnat: nat,nat > nat; 
mitnat: nat,nat + nāt; 
divnats nat nae "Lar 


° egnat: nat nal + bool 
gaen: na iau = DOOR 

derived: 

Op 
Tenatsonatynat >: pools 
genat: nat, nat -oR 
lenat: nat,nat > bool; 
nenat: at nat Pook 


SS 


< 
=e 


Zero sm 
predecessor */ 
Successor */ 
addition +7 
subtraction 
multiplicatrobem 
division 

equal */ 

greater thang 


less than */ 
greater or equal */ 
less or equal */ 
not equal */ 


derived" 


def 
Laie, — NOoul(or(genac(n,m),eqnat (n,m) ) 
genat(n, E = noel tnat (n,m)); 
lenat(n,m) = not(gtnat(n,m)); 
nenat(n,m) = not(eqnat(n,m)); 
axiom 

prednat(zeronat()) = undef; 
prednat(succnat(n)) =n; 
succnat (prednat(n)) = n; 
sumnat (n,zeronat()) = n; 
sumnat(n,succnat(m)) = succnat (sumnat (n,m)); 
subnat(n,zeronat()) = n; 
if gtnat(n,m) = true() 
then 

subnat(n,succnat(m)) = prednat(subnat(n,m)); 
else 

subnat(n,succnat(m)) = undef; 
endif; 
mltnat (x,zeronat()) = zeronat(); 
ketene (<,Succnat(zeronat()) ) = x; 
micaela, y) = sumnat(x,mltnat(x,prednat(y)p) 
1f y = zeronat() 
then 

divnat(x,y) = undef; 
else if ltnat(x,y) = true() 
then 

Giviwse (x,y) = Zeronat() ; 
else 

divnat(x,y) = sumnat ( 

Succnat (zeronat()), 
Gav nae( subnace (x,y) v) 

ys 
endif; 
endif; 
eqnat(n,m) = eqnat(succnat(n),succnat(m 
Gtnat (amecenat(n) ,n) = true()- 


eguivrel(egnat,nat); 
irreflexive(gtnat,nat); 
irreflexive(ltnat,nat); 
transitive(gtnat,nat); 
transitive(ltnat,nat); 
transitive(genat,nat); 
transitive(lenat,nat); 
antisymmetric(genat,nat); 
antisymmetric(lenat,nat) ; 
symmetric(nenat,nat) ; 
commutative(sumnat,nat) ; 
commutative (mltnat,nat) ; 
associative(sumnat,nat) ; 
associative(mltnat,nat); 
end extend; 
end natural; 


meg 


Spec integer 


is 


extend 
boo 
nat 

with 


lean, 


sort 


pri 
Op 


ae 
mitive 


zero os ru 


nto mac Gime. /* nat to intmü a; 
iton: Ine 020 /* int to nate 
absint: InC InG; /* absolute value */ 


predint: int nie 
Scc: Jn eu 
SUMING? Ine inte cM 


sublint: de Int t SENE 
mltrnts intro EN D IMS 
divrnt: nc Ne eat 
modint: nte, int uu S /* Modulos 


egint: at, Int > pool 
dn EES 


derived 
Op 
tinte ant bc eG UM 
geint: int, int bc 
Teint:. int, ln 9595909 
neaint- int, int — peel 
derived 
def 
ltint(n,m) = not (or(qtine( am) 7eoine Gam M E 


axl 


I! 


now (tana ry E 
not (gtinc (n, uoe 


geint (n,m) 
leint(n,m) 


li 


neint(n,m).s not (edn n ms 
om 
predint (Succint(n)) = n; 
Succint (predint(x)). = = 
ntoi(zeronat()) = geneaime. Ir 
ntoi(succnat(n)) - sumant(succin EU zonoumnmet m m 
HEI 
iton(zeroint()) — 2c nadu Ok 
if ltintix,zerolinec (0 p (ru 
then 
ton) = under, 
else 
1ton (succint(x)) = sumnat(succnat(zeronat), 
Tio E 
endif; 
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ii imine Zeromat()) = true () 
then | 
absimdée) — subint(zeroimt(),x); 
else 
absint (x) cc 
endif; 
SumimbEneuerorint(o)- n; 
Sumwntin,succint(m)) = swccint(swmint(n,m)); 
Sub ln (2 zZeronat()) = x: 
Senet succnat iy) = predint(subinte(x,y)): 
ME, Zerointil) = Zeroint® > 
EE E EE EE ) = x; 
mltint(x,y) = sumint(x,mltint(x,predint(y)) ); 
if y = zeroint() 
then 
divint(x,y) = undef; 
else if ltint(absint(x),absint(y)) = true() 
then 
dit y) = zeroint() ; 
else if or( 
and ( 
EE 
EE ee Er Ee) 
), 
and ( 
tuc zerorznt())., 
Jeini (y,zerolnt ()) 
) 
Je true 0) 
then 
divint(x,y) = sumint( 
Sueecint(zero1nt()), 
du aumeisubrintix,)v)yy) 
ES 
else 
Givane(<py) = sumint ( 
predint(zeroint()), 
Gr CS DY (xy; Ye 
(E 
endif; 
endif; 
endif; 
TE Giamnmt(m,zeroint()d% = true() 
then 
jee ltint(n, zeroint()) = true() 
then 
mean. -—wmaodint(sumime(n,m);.m): 
else 
endif; 
else 
medint(n,m) - undefe 
endif; 


=p (pom jo a alvintin,m)) ); 


SBS 


eqint(x,yv) = eqint(Steeimetx) ;stccine DE 
gtint (succint (MAME rene) 


equivrel (eqint,int) ; 
irreflexive(gtint,int); 
irreflexive(lting,int); 
transitive (gcrncrin xe 
transitive (time nee 
transitive (geint,int) ; 
transitive (leint,int) ; 
antisymmetric(geint,int) ; 
antisymmetric lent im s 
symmetric(neint,int) ; 
commutative (sumint,int) ; 
commutative (mltint,int) ; 
associative(sumint,int) ; 
associative (miCint rinb) 


end extend; 
end integer; 


spec character 


» 


, 


is 
extend 
boolean 
wi En 

sort 
omar 

primitive 

Op 
"e Ee E 
O Db, GC! NEN MEM 
UA IE ISI TH 
tat d OLIM 0 Q: po Pee st 
trt ina oF noun O 
eee SE SS 
A RS TH ro O ee SEE 
NUL: > char; 
SOH: > Char; 
STX: > Char: 
ETX: > Char; 
EOT: char: 
ENO: = Char: 
ACK: > char; 
BITE Chan 
FO e x: 
HT: > Char; 
LES = Ohar. 
VP: > char: 
EB Char- 
CR: = Char: 
DOT wage 
loop 


DLE: > Char: 
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-— = _ 


O N — — 


y 


char: 
char; 
chan: 


chak; 


DCL: l E 
po» char: 
Decree char; 
mam char; 
KNAK char; 
ome char; 
EB char: 
CAN har; 
EMEN Char: 
SUB: > char: 
BSE: > char; 
PS: > Char; 
Ge. > char; 
BS: > Char; 
US: > char; 
SP: > char; 
BEL: > char; 
eqchar: char,char 
sechar: Char,char 
derived 
Op 
Ce olor: char,char 
gechapechar,char 
lechar: char,char 
nechar: char,char 
derived 
def 
bechar(m,m) = not 
gechar(n,m) = not 
Tech arién m) = not 
mechar(n,m) = not 
axiom 
a Rar DEL", 1) 
geena T = 
ena, 1) = 
ena ru ur s 
arena, 2) = 
geehar( e a 
gw@hari@a',' ') = 
muchos t' ') = 
JT ^t) = 
echar mó”. Lt) = 
sq chari] n) = 
Eeler HEI. e 
gchar Z") = 
EINEN esy A 
gtchar('A','@') = 
gtchar('@','?') = 
Geenata@l?','>') = 
giechiar('>*,'=') = 
@eenar('=','<") = 
@echar('<',';') = 


DOOL; 
DOOL; 


DOOL; 
BOOL; 
DOOL, 
DOOL; 


Toy y 


Do 
fechar (a 

Em m 
eqchar(n,m 


— — 5 45 


n 
m) 
) 
) 


(J 
true(); 
true(); 
true( 


,m) 


La 
Is 
Jus 


,eqchar (n,m)) 


yo 


gtchar(* 71 ,°s")) = Eu 
gtchar(’:",'9") = trues 
gtchar('9'/-S DA '— true cE 
gtchar ("Oth s s sun oe, 
gtchar ("7 “yee! y=) Eisele, 
o MCN NM 
gtchar( 5 EE 5; 
gtchar( Eo 

EE EEGEN 
gtenartb 5 Ja.) (ae cue ar, 
qtehar ció 

EE EE 
gtchar( ER 
gtchar("&*,'S') s— true: 
gtchar ("250 — rU. en, 
guchar( Ss", E EMEN E 
gtchar(' $4 "5j = Memes 
gtchar('' "*j' runc OR 
gtchar('! ETI 
gtchar(SP,US) = true(); 
gtehár (US, RS) =~ enue 
gtchar(RS,GS) = true 
gtchar(GS,FS) = true(); 
gtchar(FS,ESC) = true(); 
gtchar(ESC,SUB) = true(); 
gtchar(SUB,EM) = true(); 
gtchar(EM..CAN) *="Erue Ge 
gtehar(CAN, ETB) s yn O) 
gtchar(ETB;SYN R SR u 
gtchar(SYN,NAK) = true(); 
gtchar(NAK,DC4) = true(); 
otchar (DC4 , DG 3) == true) 
gtchar(bC3 ,0¢2) = ru E 
gtchar(DC2,DCl) mee 
qgtchar(DCLl,DEE)t- tmm. 
gtchar(DLE,SI) ome 
gtehar(ST,sO) S troe: 
gtchar(SO,CR) = true(); 
gtichar (CR, FF) = ru 
gtchar (PE, VT) = GE 
gtehar (VT, LF) — true|); 
gtehar(LE,HT) = truss 
gtchar(HE,BS) —- tune» 


gtchar(BS,BEL) = true 


) 
gtchanr( Beh, ACK) )= ( 
gtchar (ACK, ENO) crue 
gtchar(ENO,EOT) —- true( 
gtchar(EOT,ETX) =. Gavel 
gtchar (ETX; STX) muU 
gtchar(STX,SOH) <META | 
gtchar (SOH, NUL) -m rUe 


equivrel (eqchar,char) ; 
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irreflexive(gtchar,char); 
irreflexive(ltchar,char); 
transitive(gtchar,char); 
transitive(ltchar,char); 
transitive (gechar,char) ; 
transitive(lechar,char) ; 
antisymmetric(gechar,char) ; 
antisymmetric(lechar,char) ; 
symmetric(nechar, cham) 
end extend; 
end character; 


Spec string 


parm 
extend 
boolean 
with 
sort 
lm; 
primitive 
Op 


y 


egim: Im Im bool; 
Selma: Im, im > bool 


derived 
Op 
ice: elim, lm > bool; 
gelm lm, Im- bool: 
lelm: lm,lm > bool; 
nelm: Im, Im > bool; 
derived 
def 
tm nm 'nce(or dGEIm(n 4m) /ealm(n,m)) ); 
gedm“n,m) —- not(ltlm(n,m)); 
lm ens En = nokigelm(n imo; 
nelm(n,m) = not(egqlm(n,m)); 
axiom 


s eglm,lm); 
Em exrive(gtlm,lm)); 
irreflexive(ltlm,lm); 
ransitive(gtlm,lm) ; 
Eransitive(1tm,lm) ; 
transitive(gelm,lm); 
transitive(lelm,lm); 
antisymmetric(gelm,lm); 
antisymmetric(lelm,lm); 
symmetric(nelm,1m) ; 
end extend; 
is 
extend 
natural 
boolean 


165 


with 


sort 
str; 

primitive 

Op 
nul Vstrs >= sti; /* null strindg 
makestr: lm —> str; /* make */ 
lenstr: str > nar jimsttimag length. 
headđdstr: str > lm; /* string headway, 
tailstr: str > sta /* string bar. 
catstr: strstr MS /* concatenation */ 


egqstr: str,str + bool; 
gtstr: strstr we feel; 


derived 
Op 
Lestr ss. Str, Stree eo: 
gestr: str,str > bool; 
lestr: Str, str "bel 
nestr: str str > bool; 
derived 
def 
ltstr(n,m) = not(or(ctstr(n,m) ,eqstr(a meee 


no (Tes Un 
Hot (gts taa 
not (egstr(n,m)); 


) 
gestr(n,m) 
lestr (n,m) 
nestr (n,m) 


axiom 


lenstr (nullstr) = zeronat(); 
lenstr(makestr(l)) - succnat(zeronat()); 
lenstr(catstr(sl,s2)) - sumnat(lenstr(sl), 
lenstr (s2); 
headstr(makestr(1)) = 1; 
tailstr (makestr h n a nullstr- 
headstr(catstr(makestr(l),s)) - 1; 
tailstr(catstr(makestr (I) s2 SFe 
headstr(nullstr) = undef; 
talilstr (nulls te Mo ser 
Catstr(catstr(sil, e wa tcd |N 
catstr(s25453)]9- 
Catstr(nullstr;s) = catstr(—-ss rn o s R 
implies(eg1m(11,12) ,eqstr (makestr (11), 
makestr(12)).7"= true e 
implles(gtlm(11,12) gtstctr(makestr( 11 
makestr(l2)) ) = trrúue E 
gtnat (lenstr (makestr(1)) lenstr (nullstr)) 
= true(); 
implies (gtnat (lemstr(sl) Ree 
gtstr(sl,s2)) == mue M 
lf lenstr(sl): = 2eronac (O) 
then 
gtnat(lenstr (catstr (sl,s2) ,1lenstr (s 
= truel); 


else 
egnat(lenstr(catstr(sl,s2),lenstr(s2)) 
= true(); 
endif; 
equivrel(egstr,str); 
jumecbexevelgtstr str). 
Emrpeecvelltstr str); 
transitive(gtstr,str); 
transitive (ltstr,str); 
transitive(gestr,str); 
tm ncu I Tester, str); 
antisymmetric(gestr,str); 
antisymmetric(lestr,str); 
symmetric(nestr,str); 


end extend; 
end string; 


Spec str. 


is 


extend 


Enartype 


character 


with 


use 


String character) 


where 


char is lm; 

Eneas eq; 
Geenar as gtlm; 
ltchar is ltlm; 
gechar is gelm; 
lechar is lelm; 
nechar is nelm; 


end extend; 
end str.chartype; 


spec intensity Acs play part. */ 
is 
extend 
boolean 
with 
sort 
intens; 
primitive > 
op 
minintens: > intens; /* minimum intensity */ 
maxintens: > intens; maximum intensity */ 
nm cnc: > Tnterrs; LEM EENMNEensity */ 


predintens: intens ^ intens; 


Gy 


succintens: intens > intens; 
sumintens: intens,intens > intens; 
subintens: intens,intens > intens; 
eqintens: intens,intens > bool; 
gtintens: intens,intens > bool; 
derived 
Op 
ltintens: intens,intens > bool; 
geintens: intens,intens + bool; 
leintens: intens,intens >» bool; 
neintens: intens,intens > bool; 
derived 
def 
ltintens (n,m) 
geintens (n,m) 
leintens (n,m) 
neintens (n,m) 
axiom 
predintens(minintens()) = undef; 
predintens(nullintens()) = undef; 
succintens (maxintens()) = undef; 
) 
( 


not (or (gtintens (n,m) ,eqintens me m DE 
not(ltintens n, m) e 
notlgrintens (n, mS 

not (eqintens(n,m)); | 


succintens (nullintens ( = undef; 
) = undef; 
) = undef; 
Jsuccintens (minintens()) 


) 
sumintens(i.nullintens“) 
subintens(i,nullintens() 
maxintens() = [NUMINTENS 
sumintens(i,minintens()) 
subintens(i,minintens()) 
sumintens(i,succintens(jJ)) 


1; 

E: 

= succintens 

(sumintens(i,j)); 

1f gtintens(i,j) = true() 

then 

subintens(i,succintens(j)) - 

predintens(subintens(i,j)); 


else 

subintens(i,succintens(j)) = undef; 
endif; 
egintens(i,j) - egintens(succintens(i), 


succintens(j)); 
egintens(predintens(i), 
predintens(j)); 
eqintens(i,succintens(predintens(i)) ) 
eqintens(i,predintens(succintens(i)) ) 
ce eos | 
egintens(i,nullrncens 
egintens(j,nullintens()) 


eqintens (i,j) 


T 
true() ; 


) = true() 
then 
geintens (1,3) = under. 
Enc 
gtintens (suceimtens (1 E G sas 





equivrel (eqintens,intens) ; 
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irreflexive(gtintens,intens); 
irreflexive(ltintens,intens); 
transitive(gtintens,intens); 
transitive(ltintens,intens); 
transitive(geintens,intens); 
transitive(leintens,intens); 
antisymmetric(geintens,intens); 
antisymmetric(leintens,intens); 
symmetric(neintens,intens); 
commutative(sumintens,intens); 
associative(sumintens,intens); 
end extend; 
end intensity; 


spec pointcolor 


is 
extend 
boolean 
intensity 
with 
Sort 
colo, 
primitive 
Op 
mudrlcolor = color; Home DR (exo lane */ 
medeoememt. color + intens; /* red component */ 
ENEE color — intens; /* green component */ 
Dblucompnt: color > intens; 7 pimiewecomponent */ 
ee color,color > bool; /* equal color */ 
defcolor: intens,intens,intens colk r: 
ye define color */ 
axiom 
redcompnt (nullcolor()) = nullintens(); 
Guaueemont (nullcolor())) = nullingens() ; 
bluecemone (nullcolor()) = nullintens(); 
if and( 
Or 
eut 
eqintens(il,nullintens()), 
egintens(i2,nullintens()) 
) ; 
egintens(i3,nullintens()) 
), 
EX 
eX 
not(egintens(il,nullintens()) ), 
not(egintens(i2,nullintens()) ) 
E 
not (eqintens(i3,nullintens()) ) 
| ) 
| WW— Erue() 


ISI) 


then 
defcolor(il, 1215. e 
else 


redcompnt (detcolor (1 T 
grncompnt (defcolor EE E 
blucompnt (defcolor (rP IS oe 
endif; 
eqcolor(cl,c2) = and( 
and ( 


eqintens (redcompnt (cl) ,redcompnt(c2)), 
eqintens(grncompnt(cl),grncompnt(c2)) 
E 
egintens(blucompntt(cl),blucempn Uc 
) ; 
equivrel (eqcolor,color) ; 
end extend; 
end pointcolor; 


spec point 


is 
extend 
boolean, 
natural, 
integer 
with 
sort 
Pnt); 
primitive 
Op 
xcd NM mi /* X coordinate | 
ycord: Proe NE; /* y coordinaten r 
locpnt ini ine pE /* point locatue WN 
eqpnat: pt pe > Doo /* equal point */ 
qtene: pane, pane Deol /* right & above 
LEpnt> “Ont, pit "Doe /* left & below */ 
qepnmt. pnt,pnt bee /* right & abewer 


or rigħt inline or above 
inline / 
lepnt: pnt, pne Mco /* left & below, 
or left inline or below 
inline */ 
Offsetpnt: int,int,pnt — pnt; /* point oOffScre 
axiom 
xcórd(Locpne (i1 I 
ycordu ocn: (GA 
egpnt (PL p P P asna 
eqint (Xcord (pl) coral 
eqint (yeord (pl THI 
SE 


SE 
12 


ID 


gon sec and l 
es Cord (Dl)  xcord(52 
gawe ycrda (pl) cora (oz 
); 
heme (Dl, o2 = and ( 
H EE 
EE Ee 
); 
gepnt(pl,p2) = and( 
Ou | 
cg “cord (eI e xcordio2)), 
In (“Z 9l) | weed (2 ) } 
), 


Ox | 
AER ENEE EE EE 
IL veordis2)) 
) 
); 
Jenice (5152). = and( 
or ( 
E'n Epb cord (o), 
Int EE EES 1 
), 
or ( 
leint (yeord(pil), yecemud(o2)) , 
cgint (ycor condim i) 
) 
) 
fee = Zeroint() 
then 
csr (ofrfrsetpnt(x;/ 5 5) ) == xeord (5) > 
else if gtint(x,zeroint()) = true() 


then 
me@nra(Ooffsetpne(x,y;,p)) Sue cin (xXeord 
(offSotont  Oreoqin enp) e); 


else 
meord (Offsetmpne(x,y,o)) = predint(xcord 
(omrsetpme succmec veo. );: 
endif; 
endif; 
if y = zeroint() 
then 
peordioffrsetomt(oxw) ycord|s> 
else if gtint(y,zerint()) = true() 
then 
Veoumlofisetpnt(x,y,p)) = Succint(ycord 
(or EE Eescher ) ; 
else 
ycord(offsetpnt(x,y,p)) = predint(ycord 
(CE Sc I ^c ui an yD). ) ; 
endif; 
endif; 


ee 


equivrel(eqpnt,pnt) ; 
reflexive(gepnt,pnt) ; 
reflexive(lepnt,pnt) ; 
irreflexive(gtpnt,pnt) ; 
irreflexive(ltpnt,pnt) ; 
transitive(gtpnt,pnt) ; 
transitive(1tpnt pnt), 
transitive (gepnt,pnt) ; 
transitive(lepnt,pnt) ; 
end extend; 
end point, 


spec rectangle 
is 
extend 
boolean, 
integer, 
pol 
with 
Sort 
eE. 
primitve 
Op 
Origin: I 
corner. 
corner: not sone, 
corner aar 
alme tt: cL Ln 
dinr CE arC > ne 
area: Ipin port secre 
inrct: DNE rout peer. 
test */ 
disjrct: rot; roto ADS 
INSSCELCE VL Ce , Ce ena a 
pusrct- mes rct cM 


locatrom 57 


sat£trct” ant, int rot. 
axiom 

1f ltintixcord(p2) xccn NI 
then 

xcord(origin(area l P; sm 
else 
xcord (Origin (area(pleeZ MM 
endif; 
if ltint(ycord(p2) cora s 
then 

ycord (origin (ar=a pipi) 
else 

ycord(origin(areau pl pp IPA) 
endif; 


12 


lower left 
upper rignt 


x dimension */ 
y dimension */ 
define rct */ 
pnt inside rct 


disjoint rcesm 
rct intersection 
purterete 


/* shift rct 
true() 

cU 

xccord (pol) 
true() 

= yvcord p), 

Enc ENN 


PVE erie Eeer w= true) 
then 


Meera (Cemier(areatpl,p2)) ) = xcord(pl) ; 
else 

Scerc(corner(arcalpl,p2)) ) — xcOorTd(p2); 
endif; 
Jom EUvcord(pl),vcoscip2)p—"true.() 
then 

poerdocorner(area(pl,p2)) ) —- ycord(pl); 
else 

“se (cCorner(area(pl5p2)) ) = yeora(p2); 
endif; 
Tiri Ci (py yr) — and( 


gepontip,origin(r)), 
lepnt(p,corner(r)) 
IR 
@esjrct(rl,r2) = 
mot (or ( 
E t 
EE 1s), 
mann = (EO remem (ie2 ) sae lh) 


l 


or ( 
NES El 
lcepnt (sora torino 
EES 
Geh 
jm 
inrcte 
llo cen seems GE 
ce Dn 2), 
LT 
) 
) 
ES 
EE Ee true 
then 
imesectret (rll r2) meüondef; 
else 
iret (py,intsctrce (rl eZ ane 
arce, rl), 
ee L 
E 
endif; 
Shustrctix vr) - area 


oOtiseupat (By, originir))", 

o. Set “Y corner Ur JM 
)4 
putrct(p,r) = area( 

p, 

e Set One xadimrct (r) ydimrct (r) p) 
e 


dee 


xdimuaset(r) subs 
XCOLrd (Obug@um tr), 
xcord (corner (r | 
n 
ydimrot (r) S NEN, 
veora (organ e A 
ycord (corner (r)) 
US 
end extend; 
end rectangle; 


Spec imageform 
1s 
extend 
boolean, 
pon OL; 
point; 
rectangle 
with 
sort 
form; 
primitive 
Op 
1nit form: sees wre hn, 
farea: form ~ rol; 
ES A 
pne, form sg o lon, 
color form —. colas 


getcolor: 
fa bio rin: 
setcolor: 


ent. color, Lo mtm 


/* initialize formim 
/* rct area of 


/* get pnt cole 
/* fill formia 


/* set pnt colorr s 
J RRRERKERKRKKKERKREEKKKKKEEKRKEKRERK RRR ESR A O 


* invform - inverse form 
* given color A, SONORO BS 
x map F foreground olors 
* map F backere wi COTE 
T 
JOVIS IST 
axiom 
farea(initform(r)) = r; 
getcolor(pyinitiorm(r} a 


If inret(p fareatrt true() 


forman 
to A 


color, Solor, form am EE 


nullcolor():; 


then getcolor(p,setcolor(e r R 


else getcolor(p,f) = 
EE 
if inrct(p,farea(f)) = true) 
qetcolorlp, till rm r sn 
endif; 
If EE ME 
setcolor(p,c,f) 
endif; 


= undef; 
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false() 


nullcoton ie 


then 


then 


ect (py farea(£)) = true() then 


uad cc EE = ny llcolor( ) 
then 
me c Olor( (Dp. 1nvform(cl,c2,E)) = c2; 
else 
qemechorlm, Havtorm\(Cl,c2,2)) = cl; 
endif; 
endif; 
end extend; 
end imageform; 
Spec iconfont 
is 
extend 
boolean, 
natural, 
pesntcolom, 
Res tang lle” 
imageform, 
pntblktrans 
with 
Sort 
font; 
primitive 
op 
ee EE Joie Ze font */ 
nee mi Mom ei eE rot tont 
dcc 
lenfont: font > nat; /* number of icons 
in tones 
sim: rot piht pnt; ma PE SpOt (font 
coc DD 
Scmae: Bee, pnt > pnt; “mao pnt to spot 
(font loc) */ 
nen nac OnE > bool; /* for given index, 
does font have icon */ 
de Mone: nat, tont > font; /* delete icon 


STE CE S 
doo m roNNMndt.fontow ront. 7 * wb iconginto 
font * / 
OESOL: EEO O: int, int, tome, pnt > pnt; 
/* offset in 
multiples of font rcts */ 


axiom 
is ont (1nl1tfont(r)) = r; 
Peo re iit tome (rr) ) = ZeEonati); 
spmap(r,p) = locpnt( 


EE EECH EE , 
Mine yeord(p),ydimret(r)) 
); 
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psmap(r,p) = locpnt( 
qivint xcerdí( y camus 
divine cecru "y cm UN 


)5 
) 
J 
infont(id,initfont(r)) » false(); 
infont (1d deltontiid te) eer seme 
infont(id,settont(b;1d0j.tft)9NE buc 
1£ “anal 

eqint(xdimrct(rctfont(tft)) xdimrctifares (MA 
egint(ydimrct(rctfont(ft)) ydimrct (area (Gs 


IER 
Chen 
setfont(f,id,ft) = undef; 
endif; 
lf infontüixd tt) = 1 me 
then 
lenfont(setfont(f£,id,£ft)) = lenteone eer 
else 
lenfont(setfont(f,id,ft)) = succnat(lentona ee ae 
endif; 
if infont(id, Ct) = true 
then 
lenfont (delfont(id,ft)) = prednat(lenfont(ft)); 
else 
lenfont(delfont(id,ft)) - lentons i mE 
endif; 


lf infontlid,ft) = false chen 
getfont (id, ft) = únder, 
endif; 
rctfont(ft) = farc get EU 
getfont(id,settront(t 1d, fe) jee 
getfont(id,setfont(a,id,settiont (bd, dara) 
otfsettonti(x vtto MEM icm 
sumint (xcord(p) ,mltint(x,xdimrct (recttont (temas 
sumint (ycord(p),mltint(y,ydimrct(rcttfont' EE NEED 
o 
end extend; 
end iconfont; 


spec pntblktrans 
is 
extend 
natural; 
integer, 
porn! 
rectangle, 
Dorm 
with 
Socie 
D bli. 


18556 


primitive 
Op 


EE EES 


E 
Ce 


geterct: 
getrule: 
setsrct: 
setdrct: 


setcrct: 
setrule: 


PEDIA rct; 
pupa rct. 

PEL EG 
pit] CS rece 
ptblt asnat ; 


ilc DEDlt. >> pEDIE; 
EC” PEO E 


aie A 


IEL oto dI 
Dat, pCO => potbWt 


TK 


ii“ a Ze ptbLt */ 


HS 
ec 


Ser 
den 
set 
set 


set 
set 


Sourcer rCE */ 
descination 


epp ng ret */ 
ce rule */ 
source rcot */ 
destination 


aM O NG ret */ 
cop. Mbule */ 


/ k k k k k k k k k k k k k k kk k k kk kk k k kk kk k k kk kk k k k k k k 
Meco») Operation: 
* given source, mask destination forms; 
Meal cpyrecur with origin of wksrct 


* ptbDIt Controls berau "on; 


7 


Copy ee cai, Eormreorm, torm > form; 


/ k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k Kk k 


* drawline - draws line between two pnts: 


“Given start pnt, 


mask; 
x calls recursive h/v drawloop depending on 
slope of line 
* drawloop constructs line using repeated 
form as a 


* calls) to (coe, >i easing source 


brush 


MA 


Stop pie wmomush, destination 


Cimawihtne: pnt,pmte,ptblt,form,form,form > form; 
/ & k EE E EE ee ee e ee ee k k k k k k k k k k k e k k kc ke ok K 


Eeoa ont -~ Copy icon from font to a given 


point in the dest form 


*ehe source and dest ret in ptblt are 
automatically set 


= 


So ont: poep eolit nat Eont, form, form > form; 
LM aM KK KKK XX 


* anveopyfont - same as copyfont bit with 


inverse coloring on the 


4 the font form seurce. 


SEH 


Is ont Color Color, pnie ptb nat, font, form, 
korm > form; 


hidden 
Op 


IS EE ees e e E e ARR X 


SIT MO ring source rct 


*Siimecerseeccion Of source form farea 
“end Ene ptblt source rct 


SC 


bag 


wksrct: 'Form peb Ueno r e 
[RRERERRER RRA RRR RR A O 
* wkdrct =- working destination bc 
* intersection of destination form farea 
* and the ptblt destination rct 
4 

wkdrot: Form, ptpit a C 
Z k k k k k k K k K k k k k Kk K K A A K AA S E 
* modpnt =- pnt modulom -TETO e p 
* given pne R Ormi 


x if P in F 

* then P 

* else(wrap P around into F) 
A reduce coord of P 

x py cl mc ET 

* until P in F 

x 


módpnt: pnt r orme pne; 
EE EE 


* getmcolor - applies the masking rules 
x given pnt P, source" Ss, destro oS phu; 
pPEDLE 25 


* returns color MS (masked source color) 
* based on: 


s masking policy 

E S color @ P 

S M color € modpni Tor 
* 


uh lee lee DE 
7 
getmcolor: pnt; ptblt, form forn ror ced 
ff YR RC k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k K K 
* nextpnt - given pne Po recurs Next pac 
in wksrct 


* based on sequential ordering imposed on rct: 
? start atiorigin 

n if right nerighbor — WE 

a then return right neighbor of P 

5 else 

a move left to rct boundary 

* 


return put above 
*/ 
nextpat: pnt,ptol frotan 
/ k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k | 
* matchpnt — find corresponding font ari des 
* given pnt P, source S, dest D, ptblt B 
* returns pnt that is offset kri Frons ie 
p origin orf the wksbiect 
* where XY is the offset from the 
š Origin of the wksrct 
a that eguals P 
a 
matenpnt: pnt,ptblu,£ormp om Wanu 
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"X XXX X XXX XNXX XXX XXX XXX XXX XXX XXX XXX XX Xh XXX X + 


S LET E GOGO 2 dest 

* given pnt P, source S, dest D, mask M, 
o 

Gr coler TE 

* based on: l 


S B copv rule 

* EE EE t mcecolor Of P NM 
ES Daceolom, Comacempnt if DIB 

AA 


cop SD Eo EC, EFO YT EOET ; 
/ k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k kk 
“cc Su recursive functron of copybit 
* given pnt P 
E PAS CE 


< then 

3 call copypnt with P 

S ca'i íepyrecur Wrth. nexPEpnt of P 
os else 

KR stop recursion 

SÉ 


ee Gece: Oe ey rom, com foun form; 
J/XX*X*X*XEkkkKEkxkK*Kk k R ' OR  k  k kk *kk * k'k * k* * * * * * 


* hdrawloop - recursive function of drawline 

* used when absolute value of slope is < 45 
degrees 

* walks line one horizontal point at a time 

S moving vertically as required, 

* at each step: 

a sets ptblt destination rct 

* 


calls” copy 
i 
inca ieonisndgt,Tmnmewwe,1nt,rntospt. form, 
Form jos ET Dem 
PLI UE UU 7 7 2 7 7 7 777 KA KKK KKK XS 
* vdrawloop - recursive function of drawline 
* used when absolute value of slope is >= 45 
degrees 
walks line one vertical point at a time 
moving horizontally as required 
at each step: 
sets ptblt destination rct 
calls copyblt 


+ + * * O” 


s 
Veta sheep, nat,int,10€,10te, Une, 1nt, torm, 
forme l G Orm; 
axiom 
getsrct(inicptblt()) = area( 
llc eroint() ,2eroint0)), 
locpnte (zeroint() zeroint()) 


T79 


getdrct(initptblt()) = area({ 
locpnt(zerornw Zoe o) 
locpnt(zeroint(),zeroint() 
ju 
getcret (initptbh lt) mecca 
locpnt(zeroint(), zero ss, 
locpnt(zeroint () }zecorn aa. 
) i 
getrule(initptblt()) -» zeronat(); 
getsrct(setsrct(r,pb)) T 
getdrct (setdrct (r,pb)) o 
getcrct(setoror r op, Ta 
getrule(setrule(n,pb)) n; 
wksrct (f,pb) = intsctrct (farea(f) ,getsrct (pb)); 
wkdrct (f,pb) = intsctretlfarea(f) getdrct (pol 
modpnt(p,f) = offsetpnt ( 
modint (xcord(p)> xdamrcettarca Gla 
modint (çcord (p nyo mrt area (E n ma 
origin(farea(f) ) 


), 
) 


J BRR IK GE Kx RR E ILLU 5 
x materna 

* p: pnt in source 

~ Dee PEDDIE 

* s: source 


* d: dest 

ERRRRARE RRA RR RRA RRA RR RRA RE RRA ko ko k ko ko k / 
matchpnt(p,pb,s,d) = offsetpnt ( 

Supine ( 


xcord pi 
xcord(oriGSl1n O wksret Sr ) l) 
m 
subint ( 
VOU US 
ycorqd(origin(wksrer (rp E 
Y, 
originiwranet apli 


/ É k k k k k k k k k k k k k k k k k k k k k kk kk k k k k k k k k Kk k k k k k 


*GEEMGO LOE 

* ip: pnt 1n Source 

* pD: missis 

x 5: SOuEce 

* m: mask 

* d: destination 

EXEEREREREREL EAN A DEE 
Liver 

eqcolor(getcolor(p 7s 2am lc p 

eq eo Lom 

getcolor (modpat (matchpar ips co A 


mull color () 
) 
m— true 
then 
scumc-ebor(p,pboysumustscetcolor(p,s); 
else 
getmcolor(p,pb,s,m,d) = getcolor(modpnt 
TTI IT TT 7 
endif; 
EE ee ee 
* nextpnt 
* p: phit in source 
a pp Est 
* s: source 
a a a a e DS a oa a a alal a a e a a aa a a aa aa aaa aaa a aaa aaa A 
|f CNA 
xcorg( (p); 
xcordalleorner (wksrct(s pb)) 3 
) = true() 
then 
Ne<epne Goypo,s) - locpnt! 
Succ HN xcord(p)); 
Neora (p) 
be 
else 
nextpnt(p,pb,s) = locpnt( 
MeOmevObigin (wkstetw lanes) ) ), 
Succ irt (ycord(p)) 
J; 
endif; i 
A N 
SM Op pc 
sn hig. source 
Ses soot 
s: source 
m: mask 
* d: destination 
k * k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k / 
lf cuncti 
NEE Ee E Se 
Tmesctrcot( 
wkarct (dpb), 
decani (pb) 


+ X 


) 
) = true() 
then 
if getrule(pb) = zeronat() 
then 
copy En EE 
cit getru letal) = Mala sucenat (zeronat()) 


ML 


then 
if and 
not (egcolor (ge smcolor (e s pb yo mia), 
NuLLeoetor Oem 
not (eqco lor ( 
getcolor ( 
llatchpneup abord 
d 
), 
nall color) 
) ) 
) = true() 
then 
copypnt(p,pb,s,m,d) = setcolor( 
matenpnte (ep, ps, seu 
getmcolor (p, pprys m a) 


d 
E 
else 
GAT lee 
endif; 
else if getrule(pb) = [2]succnat(zeronat()) 
then 
1£ and( 


not (egcolor(getmcolor (p,pb,s,m,d), 
nullicolo 0 P 
eqcolor ( 
getcolor ( 
Ter EE EE ae 
d 
e 
nullcolbomo 
) 
) = true() 
then 
copypnt(p,pb,s,m,d) = 
matchpne( ERR lee n 
getmcolor(p, pbs, m, cue, 
d 


setcolor ( 


E 
else 
copypnt(p,pb,s 7m, d) ease 
endif; 
else if getrule(pb) = [3]succnat(zeronat()) 
then 
if getmcolor(p,pb,s,m,d) >= mnm olor 
then 
setcolor ( 
matchpnt (p.p sa E 
getmcolor(p, phys cM 
d 
E 


To. 


else 
SOeyoMme oO, Oo s,m,d) = d; 


endif; 
else if getrule(pb) = [4]succnat(zeronat()) 
then i 
a and L 
egcolor(getmcolor(p,pb,s,m,d), 
nwl elor; 
not (egcolor ( 
getcolor ( 
mcs esteso 9b Sd, 
d 
), 
muscoli 
)) 
) = true() 
then 
COpypnt(p,pb,s,m,d) = setcolor ( 
ENEE sec. 
nultcolor we, 
d 
E 
endif; 
else if getrule(pb) = [5]succnat(zeronat()) 
then 


IINCertcobor( 
matechapnt(p,Ppa,s ar 


d 
)) nud] color() 
then 
cop, pate, pb,Ss,m,d) = setcolor 
match pntito pista)” 
geecemeolor S Im. 
d 
) ; 
else 
copypat ip, DD As miña) = d; 
endif; 
else if getrule(pb) = [6]succnat(zeronat() ) 
then 
if and( 
ana 
egdc olor getcmecoTorp, pD, S: m,d), 
TY) l lame hor) 
not (egcolor ( 
getcolor ( 


Kee Somer cy) ; 
d 


), 


Tu ls le ce toria 
y») 
jr 


SS 


GL 
not (egcolor eelere po, s,m, a 
nullcolor oron); 
eqcolor ( 
* getcolor ( 
Matchommie,pbh,s,d), 
d 


nullcolor 
) 
) 
) = Crue O 
then 
copypnt (Bp, ppy;sS Eeer 
matchpnt (p T 
getmcolor (p, porera d); 


d 
IR 
else 
cOpypnt (bp, pb, sie. = a 
endif; 
else if getrule(pb) = [7]succnat(zeronat()) 
then 
if on 
not (eqcolor (getmcolor (p, pors, md); 
nullcolori r 
not (eqcolor ( 
getcolor ( 
matchpunt (pr roS. e 
d 
nmulleolo in 
) ) 
) = true() 
then 
copypnt(p,pb,sm,d) = setcolor( 
matchpnel TUE 
qeemco loro. pora 
d 
E 
else 
COpypnt(p, pb, Ss, m,0 Xu 
else 
COPpvPpre tp Po /s ma) E 
endif, > 
endif; 
endif; 
endif: 
endif; 
endif; 
endif; 
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endif; 
cndi E; 
endif: 
/ Ë k k k k k k k k k k k k k k k k k k k K k k K KOR KOR K K O KOK OR OR R K 
“ce, secur 
~Torwont n source 
Sees oto 
EE e 
“Ws mask 
* d: destination 
Do MENSAE RARE k AN Xx AR Xx k k * k / 


1r “cU WKSLcE US PD) — mer ue () 


then 
/ “cen pnt and continue- */ 
EE p pD, S, m, d) cpyrecur ( 
nextpnt(p,pb,s), 
pb 
S, 
m, 
copypnt(p,pb,s,m,d), 
) i 
else 


/* all source pnts visited */ 
epyvrecur(p,pb,s,m,d) = d; 
endif, 
J[ Eck ehe k k k k k k k k k k k k k k k K K ke he RO R ke e ke ke e e he e R K K 
ae 
O ED |t 
“Se urnce 
Ma Sis 
TR destination 
kkkkkkkkkxkxkkxkkkkkkkkkkkkkkkkkkkkkkkkkkk k 
EROR 
disjrct(farea(s),getsrct(pb)), 
easqret (farea(d) ,getdrct (pb) ) 
) = true() 
cenen 
yp lt (p.s, m,d) = d; 
else 
copy Pc (ps mm a) 
cpyrecur ( 
origin(wksrct(s,pb)), 
pb 
S, 
m, 
d, 
ls 
endif; 
E ARE A REAR ARK KKK KK KK 
* hdrawloop 
* n: dist to go (major axis) 


T25 


p: minor axis move counter (vertical) 
dx: xDelta sign 

dy: yDelta sign 

px: yDelta abs 

py: xDelta abs 

s: source form 

d: dest form 

m: mask form 

pb: p p, 


RR RARE RK A RR ee 
/* is it the last scepor 


* * * * * * * * 


>» 


if n = succnat (zeronat ()) 

then 
/* time to move in minor direction? */ 
if ltint(subint(p,px)/,v 2zero1nt ("= true) 
then 


/* move Minorka 
ndrawloop(n,p, ax qoy, p py on m r 


copus tt 
setdrct (shiftrct (as, dy,getdrct (pb) mere 
S, 
m, 
d, 


yes 
else 
/* move major! 
hdrawloop(tn,p;dx , dy PX) Sar Mm E 
COPY PEN 
setdrct (shittrce ee zeromr r 
getdrct (pay) pb) 





S, 
m, 
d, 
jus 
endif; 
else if ltint (subint (p 7px) 7zererne)) 7 —" trues 
then 
/* move minor and continue */ 
hdrawloop(n,p,dx; dy P? P lm a 


hdrawloop ( 
/* reduce distance to go */ 
subnat (n, succnat (zerenari)), 


/* reset counter for next minor move */ 
SsumLnt subIne'p PO PEE 

ds 

dy, 

px, 

PY , 

S, 

/* move minor and major then cop rush 
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E 


else 


SE ( 
Secar ee ina crece dy, getdrct(pb)),pb) 
S 
m, 
d, 
m 
m, 
Eumene tret stie se:drctinb)),bb) 


/* move major and continue */ 
E p Im ay po oa, S, d, M, pb) = 


JE 


hdrawloop( 

/* reduce dist to go */ 
Subsmnuacinssuccnat(zeronat()), 
/* reduce count till next minor move */ 
ENSE Dy Dx) 
des, 
ay; 
px, 
DY, 
S, 
/* move major,then copy brush */ 
covy D. t ( 

s I rctct(shiftrct/dx;zeroint(), 

gecdret (pb) ob) 


S, 
m, 
ci, 
Us 
m, 
Seere L SNr Cro Ed Z2eroinclgetarct1pb)), 


pb) 


endif; 


endif; 
A KEKE RE KX 


* 


Xx OR OR OR OE OF FOR OF 


* 


vdrawloop 

ao dist to go (major axis) 
p: minor axis move counter (horizontal) 
dx: xDelta sign 

dy: yDelta sign 

px: yDelta abs 

py: xDelta abs 

s: source form 

gr Gest form 

m: mask form 

pli: Pp EDAGE 


EXRERARAARA RARA k k k k k k k k k k k k k k k k k k k k k k k k Á 


/* is it the last step? */ 


irm 


- succnat(zeronat()) 


l: 5 7 


then 
/*® last steps 7 
if ltint(subint(p,py) ,zeroint()) = true) 
then 
A iS Maa pa 
vdrawloop (m pyd> ay px yp os m p — 


COD 
setdrct (shiftrct (dx,dy,getdrct (pb) Mala 
S, 
m, 
d, 


n 
else 
/* move major 
vdrawloopín,pydxy dope m5" — 
Copyblr 
setdrcet(shrferetzeuwomm p dy. 
getdrot05b)) M95) 


S, 
m, 
d, 
Ia 
endif; 
else if ltint(subint(p,py),aeroint()) = true() 
then 


/* move minor and continue walk */ 
vdrawloopinjpyex ay px cec m mo; R 
vdrawloop ( 
/* reduce dist GOG 
subnat(in,succna— o ne S 
/* set counter for next minor move */ 
sumint(subint(p,py),px), 
ese 
aya 
px, 
DY, 
Sy 
/* move minor and major then copy brushk 
CGT T 
setdrct (shiftret (dx ,ay,getdrct (pb) eee 
S, 
m, 
ay 
DE 
m 
setdrct(shiftrec 0: aya qr o pb MEE 
Je 
else 
/* move major and continue walk */ 
vdrawloop(n,p,;dx,dv pss Eg > ae 
vdrawloop ( 
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produce drst to gos*7 

subnat(n,succnat(zeronat()) ), 

/* reduce count till minor move */ 

AE py) 

ax, 

AV 

px, 

PY, 

S, 

mc major and copy brush */ 

COPD E 

cosmdpeuchuastrctieroimt() dy, 

geuawer pb) ) pb) 


S, 
Mm, 
Clo 
ee 
Mm, 
secarse at (), dy, getdrctípb)), 
pb) 
E 
endif; 
endif; 


a Ak AAR A RRR RR ER RAK Saša 


* drawline 

IS arca E 

O enc TT 

SI: pto 

2S: bBrusn form 

Sms mask form 

* d: dest form 

* Kk k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k X k K < 
a land ( 

SPDT cCcOSÓSd»2).,ycord(b»b)), 

UEM CCOrd(o2) »xcorcdp5Ll)) 


= truel) 
then 
Memes a single pnt */ 
Gc RS 01517, Ee EE ebe pm. Cl 


else if ltint( 
sme Subrntivcord0p25cbEd0Dl)) ), 
Sb subint(ixcord(ip2 s xcord(pl)). ) 
) = true() 
then 
miine is horizontal */ 
drawline(pl,p2,pb,s,m,da) = 
hdrawloop ( 
Vk distance gto 
EE Eh ,xcord(pl)) )), 
"ducc ljqlwIUSTMEUSve' counter * / 


189 


divine 
absint (subint(xcora(p2) xcordipl) JA 
[2] succint (zero int aa 

JE 

e 

divine 
subint (xcord (p2 E corape 
absint(subint(xcord (092) xcord p E 

), 

IS 

dial 
subintlycora(p2 cord IA 
absint(subint(ycord(p2) ,ycord(pl) YW) | 

) , 

[AP 

absint (subint(ycora (p2),yeora (pl Rp 

PA 

absint(subint( xeerd (| 32)— “cord (pl) M 

y 

CcoOpyb lt Pers ns 

m, 

pb 

lg 





else 
/* lane is verb cel“ 
drawline(pl, p2, Po mm I 
vdrawloop ( 

/* dust'tosdgem i 

iton(absint(subint(ycord(p2) ,ycord(pb WN 

/* dist till. minor moe weounter 7 

divine 
absint(subint(ycord(p2),ycord(p NEM 
(2) suceimet (Zee imi) 

Es 

A 7 

divine 
subint(xcoEd0gp2) «conc ul P 
absint(subint(xcord(5b2) cora (pl Ma 

Jm 

s s A 

Gav ime 
subint (ycord(p2) y coralina 
absint(subint(ycord(p2), yeora (pl E 

E 


/ MEA 

abSint (subint (yee@reitez) (cords sa 
LEO 
absint(subint(cer cer M E 
S, 


copyblt(pbD,S WW 
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m, 
pb 
Jee 


endif; 


endif; 
/ 8 k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k K K K 


* 
* 


+ + + + 


* 


COPY TONE 

pP: pOSLtlon in destination for lower left 
corner of source form 

ps EIE 

id: index number 

fe wbOmt wlth Source Form 

m: mask 

d: destination form 


o eee a a oa a u a as aa a a a aa a a X RUE XU EUR RUE / 


Front (p pb, id ,ft,m dF COpyblt( 
setdrct ( 


) 


puerco ct toni ))., 
SEES Geel (ECE FON), Diop 


serrtont(1d,£t), 


m, 
d. 


KK ke e 


* 


+ + + 


+ + * * 


* 


incopy FON 

Gils Foreground Vere)! Oe 

CZ. DackGround color 

p: position in destination for lower left 
corner of source form 

Po T PEDDIE 

id: index number 

Ce SONE with source form 

m: mask 

d: destination form 


k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k x 


Mice ont lcl)es, p/p, 1d, 1t,m,d) = copyblt( 
setdrct ( 


) 


Ne ci (er cL EGIN (ECO), 
Seesrct (retfone (te) ,DD) 


mn tornmicic2 gettomi(ld;£ftt)). 


m, 
d, 


ies 


end extend; 


end pntblktrans; 
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spec identifiers 


is 
extend 
boolean 
with 

sort 
memid; 
regid; 
stkid; 
dregid; 
fid: 
aqua /* qúueue ID 47 
abia. /* database ID */ 

primitive 

Op 
idopers (memid,memseg) ; /* memory seg id */ 
idopers (regid,regseg) ; /* register seg ds 
idopers(stkid,stkseg); /* stack seg Mg 
idopers(dregid,dregseg); /* display register 

seg id */ 

idopers(gid,gseg); /* gueue segment ID */ 

axiom 


idaxioms(memid,memseg); 
idaxioms(regid,regseg); 
idaxioms(stkid,stkseg); 
idaxioms(dregid,dregseg); 
idaxioms(gid,gseg); 
end extend; 
end identifiers; 


spec memaddress 
is 
extend 
identifiers, 
boolean 
with 

sort 
memaddr; 

primitive 

Op 
startmemaddr: memid — memaddr; 
nextmemaddr: memaddr + memaddr; 
prevmemaddr: memaddr + memaddr; 
getmemid: memaddr > memid; 
offset: int,memaddr > memaddr; /* offset from 

memaddr */ 

2qmemaddr: memaddr,memaddr > bool; 

axiom 
prevmemaddr (startmemaddr(i)) = undef; 
prevmemaddr (nextmemaddr(m)) = m; 


JO 2 


nextmemaddr (prevmemaddr (m)) = m; 


mise ((succint (1), ,m) = nexcmemaddr(offset(n,m)); 
if offset(n,m) = startmemaddr() 
then 
offset(predint(n),m) = undef; 
else 
offset(predint(n),m) = prevmemaddr (offset(n,m)) ; 
endif; 
egqmemid(i,getmemid(offset(n,startmemaddr(i)) )) = 
true(); 


eqmemaddr (startmemaddr(il),startmemaddr(i2)) = 
egmemid(il,i2); 
eqmemaddr (startmemaddr(i),nextmemaddr(a)) = 
false(); 
eqmemaddr (nextmemaddr(al),nextmemaddr(a2)) - 
egmemaddr(al,a2); 
@pesee(zZeroint(),m) = m; 
equivrel (eqmemaddr ,memaddr) ; 
end extend; 
end memaddress; 


spec regaddress 
is 
extend 
identifiers, 
boolean 
with 
sort 
regaddr; 
primitive 
Op 
startregaddr: regid > regaddr; 
nme Pc cr: rcgaddr > regaddr; 
Poa eee addr: regadas; 
getregid: regaddr > regid; 
eqregaddr: regaddr,regaddr > bool; 


axiom 
prevregaddr(startregaddr(i)) = undef; 
prevregaddr(nextregaddr(m)) = m; 
nextregaddr (prevregaddr(m)) = m; 


egregaddr(startregaddr(il),startregaddr(i2)) - 
egregid(il,i2); 
egregaddr (startregaddr (i) nextregaddr (a)) = 
false(); 
eqregaddr (nextregaddr(al),nextregaddr(a2)) = 
egregaddr(al,a2); 
eguivrel(egregaddr,regaddr); 
end extend; 
end regaddress; 


nS 


spec stkaddress 
is 
extend 
identifiers, 
boolean 
with 
sort 
stkaddr; 
primitive 
Op 
getstkid: stkadd e 
egstkaddr: stkaddr,stkaddr —> bool; 
axiom 
eqstkaddr(nextstkaddr(al),nextstkaddr(a2)) = 
eqstkaddr(al,a2); 
equivrel(eqstkaddr,stkaddr); 
end extend; 
end stkaddress; 


Spec qaddress /* database part */ 
ls 
extend 
identifiers, 
boolean 
with 
SOLE 
gaddr; 
primitive 
Op 
getgid: qaddr EG 
eggaddr: gaddr,gaddr > bool; 
axiom 
eggaddr (nextgaddr(al),nextgaddr(a2)) - 
eggaddr(al,a2); 
eguivrel(eggaddr,gaddr); 
end extend; 
end gaddress; /* database parte 


spec dregaddress /* display parca 
is 
extend 
identifiers, 
boolean 
with 
sort 
dregadar; 
primitive 
op 
startdregaddr: dregid > dregaddr; 
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nextdregaddr: dregaddr ^ dregaddr; 
prevdregaddr: dregaddr > dregaddr; 
getdregid: dregaddr > dregid; 
eqdregaddr: dregaddr,dregaddr > bool; 


axiom 
prevdregaddr(startdregaddr(i)) = undef; 
prevdregaddr (nextdregaddr(m)) = m; 
nextdregaddr (prevdregaddr(m)) = m; 


eqdregaddr(startdregaddr(il),startdregaddr(i2)) = 
i egdregid(il,i2); 

eqdregaddr(startdregaddr(i),nextdregaddr(a)) - 
false(); 

eqdregaddr (nextdregaddr (al) ,nextdregaddr(a2)) = 
egdregaddr(al,a2); 

eguivrel(egdregaddr,dregaddr); 

end extend; 
end dregaddress; 


spec monitorattribute 
is 
extend 
boolean 
with 
sort 
mattribute; 
primitive 
Op 
pixels: > mattrLbuce; 
ypixels: > mattribute; 
hcesncgze: - mattrrzbute; 
vscrnsize: > mattribute; 
me erscappl: >~ mattribute; 
col rcappbl: > matcribute; 
sac mc > mattribute; 
dselect: > mattribute; 
Sama tee toltce: mattribute,  mattribute > bool; 
axiom 
equivrel(eqmattribute,mattribute); 
end extend; 
end monitorattribute; K display part */ 


spec files 
is 
extend 
identifiers, 
boolean 
with 
sort 
file; 
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primitive 
Op 


getfile: fid > file; 
eqfile: file,file > bool; 


axiom 


eqfile(getfile(il),getfile(i2)) 
equivrel (eqfile, file) ; 


end extend; 
end files; 


spec operatorclasses 
is 
sort 

mop; 

dop; 

top; 

gop; 

sop; 

OOP; 

rop; 

DOP? 
end operatorclasses; 


spec instructiontype 
is 
sort 
instr; 
end instructiontype; 


Spec Property Ird 
is 
extend 
boolean 
with 
sort 
pide 
primitive 
Op 
prO me 
pais 9 


pida: -~ pid; 


cao" pd; pc wr oo m, 


axiom 


equivrel (eqpid, pra); 


end extend; 
Gnd prOperey cd; 


Jae 


= egfid(il,i2); 


database part */ 


lst property Y 
2nd property ala, 


nth property 10 
equal property id *A 


pee property idset 
is 
extend 
boolean, 
property id 
with B 
sort 
pidset; 
primitive 
op 


Ue Pidset; /* empty set */ 
us pridset; /* universe */ 
Grpidset: pid + pidset; /* create */ 
unpidset: pidset,pidset > pidset; 

EE 
intpidset: pidset,pidset > pidset; 

/* intersection */ 
mempidset: pid,pidset > bool; /* member */ 
eqpidset: pidset,pidset > bool; 

oe dare S f 


axiom 


egqpidset(0,0) = true(); A empty pidset *7/ 


if eqpidset(psl,ps2) = true() 
then 
(eqpidset(unpidset(psl,crpidset(pdl)), 
unpidset(ps2,crpidset(pd2))) 
Eu pd pp c2).) ; 


endil: Vossen PLASee 
A LC” 


mempidset(pdl,crpidset(pdl)) = true(); 
if mempidset(pd2,crpidset(pdl)) = true() 
then 
egpid(pdl,pd2) = true(); 
endif; 
if and ( 
egpidset(psl,ps2), 
egpidset(ps2,ps3) 
) = true() 
then 


eqpidset (unpidset(psl,ps2),ps3) = true() 
eqpidset (intpidset(psl,ps2),ps3) = true( 


endif; 
if and( 
egpidset(psl,ps2), 
egpidset(ps2,ps3) 
) = true() 
then 
unpidset(psl,ps2) = unpidset(ps2,ps3) ; 


intpidset(psl,ps2) = intpidset (ps2,ps3); 


else unpidset ( 
unpidset(psl,ps2), 
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unpidset (ps2,ps3) 
) = unpidset ( 
unpidset(psl,ps2), 
ps3 
) ; 
intpidset( 
intpidset (psl,ps2), 
intpidset (BS2; ps 
) = intpidset( 
intpidset(psl,ps2), 
ps3 
) ; 
endif; 
mempidset(pdl,unpidset(psl,ps2)) 
= or ( 
mempidset(pdl,psl), 
mempidset(pdl,ps2) 
) 
mempidset(pdl,intpidset(psl,ps2)) 
= and 
mempidset(pdl,psl), 
mempidset (pdl,ps2) 


E 
if egpidset(unpidset(psl,ps2),intpidset(psl,ps2)) 


= true() 
then 
egpidset(psl,ps2) = true(); 
endif; 
if amet 
and ( 
not (eqpiaipal da e 
not (eqpid (paz easy 
), 
egpidset(unpidset(crpidset(pdl), 
crpidset(pd2)),ps3) 
) — true() 
then 
mempidset(pd3,ps3) - false(); 
endif; 


associative(unpidset,pidset); 
associative(intpidset,pidset); 
commutative(unpidset,pidset); 
commutative(intpidset,pidset); 
eguivrel(egpidset,pidset); 
end extend; 
end proper ey SOc: 


spec value 
is 
extend 
boolean 


198 


with 


sort 
val; 

primitive 

Op 
vall: > val; lle yalue: */ 
callao val; eelere */ 
valni: > val; ye nth value */ 
Saou val, vale bool ; /* equal value */ 

axiom 


equivrel (eqval,val) ; 
end extend; 
end value; 


spec valueset 
is 
extend 
boolean, 
value 
with 
sort 
valset; 
primitive 
Op 


unvalset: valset,valset —> valset; 


OR n 


intvalset: valset,valset —> valset; 


0 valset; /* empmy set */ 
u: > valset; /* universe */ 
crvalset: val > valset; 77 Greare */ 


/* intersection */ 


memvalset: val,valset > bool; /* member */ 


eqvalset: valset,valset > bool; 


“OG nol: Z 


axiom 
eqvalset(0,0) = true (); MF empty valset */ 
iemequwealsez(vsl,yvs2) = true() /* vs: 'valset' */ 
then 
(eqvalset(unvalset(vsl,crvalset(vl)), 
unvalset(vs2,crvalset(v2))) 
egval(vl,v2)); a val” 
endif; 
memvalset(v,crvalset(v)) = true(); 
Meemenva lset(v2,crvalset(vl)) = true() 
then 
eaval(vil,v2) = true(); 
endif; 


IO 


if and( 
eqvalset(vsl,vs3), 
eqvalset(vs2,vs3) 
) = true () 
then 
eqvalset(unvalset(vsl,vs2),vs3) = true( 
eqvalset(intvalset(vsl,vs2),vs3) = true 
endif; 
Jp xe ol 
eqvalset(vsl,vs2), 
eqvalset(vs2,vs3) 


]5 
ER 


) = true () 

then 
unvalset(vsl,vs2) = unvalset(vs2,vs3) ; 
intvalset(vsl,vs2) = intvalset (vs2,vs53)- 


else unvalset( 
unvalset(vsl,vs2), 
unvalset(vs2,vs3) 

) = unvalset( 
unvalset(vsl,vs2), 
vs3 

E 

intvalset ( 
intvaleeg ul S2 'r 
intvalser S2 VSO 


) » intvalset( 
intvalset(vsl,vs2), 
vs3 

ES 
endif; 
memvalset(vl,unvalset(vsl,vs2)) 
= or ( 


memvalset(vl,vsl), 
memvalset(vl,vs2) 
es 
memvalset(vl,intvalset(vsl,vs2)) 
= and ( 
memvalset(vl,vsl), 
memvalset(vl,vs2) 


if eqvalset(unvalset(vsl,vs2),intvalset(vsl,vs2)) 


= true() 
then 
eqvalset(vsl,vs2) = true(); 
endif; 
if and( 


and ( 
not (eqval(vl,v3,), 
not (eqval(v2,v3)) 
) , 
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eqvalset(unvalset(crvalset(vl, 


crvalset(v2)),vs3) 
) 2» true() 
then 
memvalset(v3,vs3) = false();> | 
endif; | 


associative(unvalset,valset); 
associative(intvalset,valset); 
commutative(unvalset,valset); 
commutative(intvalset,valset); 
eguivrel(egvalset,valset); 
end extend; 
end valuset; 


Spec property 


is 
extend 

boolean, 

puonexto id, 

Ee Cyn uc eL; 

value, 

valueset 

with 

sort 
Prop; 

primitive 

Op 
erop. pid,valset > prop; Ee * / 
ecprop;: prop,prop > bool; equal” */ 
LO: prop > pid; property id */ 
getvalset: prop > valset; /* get valueset */ 

axiom 
if and( 

capid(getia(prl) geeud(pr2)); 
eqvalset(getvalset(prl),getvalset(pr2)) 
) = true() 
then br. property */ 
eqprop(prl,pr2) = true(); EE EEN 1d */ 

endif; 
Geeta (crprop(pdl vsl)) = pdi; 
Gqeevalset(crprop(pdl,vsl)) = vsl; 


equivrel(eqprop,prop) ; 
end extend; 
end property; 


Specs propertyset 
is 
extena 
boolean, 
puppes id, 
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property idset, 

value, 

valueset, 

Property 

with , 

sort 
poo se 

primitive 

op 
0: > propset; /* empty set */ 
u: > propset; /* un rse.* 
crpropset: prop > propset; /* Create */ 
unpropset: propset,propset > propsot; 

/* undeomn, 
intpropset: propset, propser E rop reS 

/* intersection */ 
mempropset: prop,propset > bool; 

/* member */ 
getidset: propset > pidset; /* get pidset */ 
eqpropset: propset,propset >» bool; 

/* equal propset */ 


axiom 
eqpropset(0,0) = true(); /* empty propset */ 
if eqpropset(prsl,prs2) = true() 
/* prs: 'props THE | 
then 
(egpropset(unpropset(prsl,crpropset(prl)), 
unpropset(prs2,crpropset(pr2))) = 
eqprop (perl pec. 
endif; /* pr: "prop m 
mempropset (pr,crpropset(pr)) = true(); 
if mempropset(pr2,crpropset(prl)) = true() 
then 
eqprop(prl,pr2) = true(); 
endif; 
ic andi 
egpropset (pr Sl, ^r SN 
egpropset(prs2,prs3) 
) = true() 
then 
egpropset(unpropset(prsl,prs2),prs3) —- true); 
egpropset(intpropset(prsl,prs2),prs3) - true(); 
endif; 
if andi 
eqpropset(prsl,prs2), 
eqpropset (prs2,prs3) 
) = true() 
then 
unpropsetí(prsl,prs2) - unpropset(pps?9prs m 
intpropset(prsl,prs2) = intpropset(pus2,) ous ae 
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else unpropset ( 
Unem@osee(prsl,prs2), 
unpropset (prs2,prs3) 
) = unpropset ( 
unpropset(prsl,prs2), 
PESO 
n 
intpropset( 
IOC PLOPSEt(prsSl; prs2)},; 
intpropset(prs2,prs3) 


) = intpropset ( 
intpropset(prsl,prs2), 
prs3 

JE; 
endif; 
mempropset (pr, unpropset (prsl,prs2)) 
= or ( 


mempropset(pr,prsl), 
mempropset (pr,prs2) 
U 
mempropset(pr,intpropset(prsl,prs2)) 
= and ( i 
mempropset(pr,prsl), 
mempropset(pr,prs2) 
J. 
if eqpropset(unpropset(prsl,prs2), 


intpropset(prsl,prs2)) = true() 
then 
eqpropset(prsl,prs2) = true(); 
endif; 
ee EE 
and ( 


not ledprop (pel RES) 

o (eqprop(pr2 pr 9 
), 
egpropset(unpropset(crpropset(prl) 


a crpropset(pr2)),prs3)) true() 
mempropset(pr3,prs3) = false(); 
endif; 
if mempropset(crprop(pd,vs),prs) = true() 
Ed: pidi i= 
then /* vs: 'valset' */ 
mempidset(pd,getidset(prs)) = Lrue(); 
endif; E 


associative (unpropset,propset) ; 
associative (intpropset,propset) ; 
commutative (unpropset,propset) ; 
commutative (intpropset,propset) ; 
equivrel (eqpropset,propset) ; 
end extend; 
EuNGEorCropertyset; 
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spec propertyvalue pr property S 


is 


extend 
boolean, 
properi year 
proper, Fdsec; 
value, 
valueset, 
property 


with 


sort 


pval; 


primitive 


op 


crpval: pid,valk ^^ pl /* cree */ 
getpid: Ypval = pid: /* get property mm 
qgetval: pval um /* get 

propertyvalue 7 
eqpval: pval,pval > bool; 
MeMprops pVal, prep. soar. 


axiom 


pd; /* pd: propera m E 
va; /* va: value */ 


getpid(crpval (pda, vajo 
getval (crpval (pd, va)) 
if and( 
egpid(getpid(pv) ,getid(pr)), 
memvalset (getval (pv) ,getvalset (pr)) 
) = true() y GN 
propertyvalue */ 


then 
memprop(pv,pr) = true(); 
endif; 
3 f eme 
memprop(pvl,pr), 
memprop(pv2,pr) 
) = true() 
then 
eqpid(getpid(pvl) ,getpid(pv2)) = true(); 
endif; 
1£ eqpval(crpval(pal,val crpvali pi s n 
= true() 
then and( 
eqpid pdl pd > 
egval(val,va2) 
) = true(); 
endif; S 
equivrel (eqpval,pval) ; 


end extend; 
end propertyvalue; 
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spec propertyvalueset 


1s 


extend 
boolean, 
property id, 
property idset, 
value, 
valueset, 
property 
propertyvalue 
with 
sort 
pvalset; 
primitive 
Op 
0: > pvalset; EE ty 
u: > pvalset; /* universe */ 
crpvalset: pval > pvalset; “Create: xZ 
unpvalset: pvalset,pvalset > pvalset; 

pr DNO E 
intpvalset: pvalset,pvalset > pvalset; 

/* intersection */ 
mempvalset: pval,pvalset > bool; 

/* member */ 
mempset: pvalset,propset > bool; 

/* member propset */ 
getpidset: pvalset > pidset; /* get pidset */ 
eqpvalset: pvalset,pvalset > bool; 

Pc ^ 


axiom 
eqpvalset(0,0) = true(); /* empty pvalset */ 
1f eqpvalset(pvsl,pvs2) = true() 
IS pvalset' */ 
then 
(eqpvalset(unpvalset(pvsl,crpvalset 
Corpo). 
unpvalset(pvs2,crpvalset 
WecevalipdZ,v2)))) = 
ecwmel (Caavalipdl, vil esbpvyalipd27$vw2))):; 
endif; Aa pld' */ 
PI EA y 
mempvalset(pv,crpvalset(pv)) = true(); 
p. val’ */ 
if mempvalset(pv2,crpvalset(pvl)) = true() 
then x 
eqpval(pvl,pv2) = true(); 
endif; 
dco 


egqpvalset(pvsl,pvs3), 
egpvalset(pvs2,pvs3) 
) = true() 


2:05 


then 


egpvalset(unpvalset(pvsl,pvs2),pvs3) = true(); 
egpvalset(intpvalset(pvsl,pvs2),pvs3) - true(); 
endif; 
.1f and( 


eqpvalset(pvsl,pvs2), 
eqpvalset (pvs2,pvs3) 


) = true() 

then 
unpvalset(pvsl,pvs2) = unpvalset (pvs2,pvs3) ; 
intpvalset(pvsl,pvs2) = intpvalset (pvs2,pvs3) ; 


else unpvalset ( 
unpvalset(pvsl,pvs2) , 
unpvalset (pvs2,pvs3) 

) = unpvalset ( 
unpvalset(pvsl,pvs2), 
pvs3 

NW 
intpvalset ( 
1ntpvalset (pvslipvs2)5 
intpvalset(pvs2,pvs3) 

) = intpvalset ( 
intpvalset(pvsl,pvs2), 
pvs3 

) ; 
endif; 
mempvalset(pv,unpvalset(pvsl,pvs2)) 
= or( 
mempvalset(pv,pvsl), 
mempvalset (pv, pvs2) 
) 
mempvalset (pv,intpvalset (pvsl,pvs2) ) 
= and ( 
mempvalset(pv,pvsl) 
mempvalset (pv,pvs2) 
) 
if eqpvalset (unpvalset(pvsl,pvs2) 


cred = e RS n O HO true () 
eqpvalset(pvsl,pvs2) = true() 

endif; 

1f and( 
and ( 


not (eqpval (pvi P9 
not (eqpval (pv2,pv3) ) 


7 


) , 
eqpvalset(unpvalset(crpvalset(pvl), 


crpvalsetipv2 Ive = true() 

then 

mempvalset(pv3,pvs3) = false(); 
endir, 
if mempvalset (crpval(pd,v),pvs) = true() 
then 

mempidset (pd,getpidset(pvs)) = true(); 
endif; 
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if eqpidset(getpidset (pvs),getidset(prs)) = true() 
then Lames propset' */ 
mempset(pvs,prs) = true(); 

endif; 
associative (unpvalset,pvalset) ; 
associative(intpvalset,pvalset) ; 
cummutative(unpvalset,pvalset); 
commutative(intpvalset,pvalset); 
equivrel(eqpvalset,pvalset); 

end extend; 

end propertyvalueset; 


spec object 
is 
extend 
boolean 
Property id 
Property idset, 


value, 
propertyvalue, 
propertyvalueset 
with 
sort 
obj; 
primitive 
Op 
erop). pvalset > obj; /* create */ 
getopvalset: obj > pvalset; [te Get 
propertyvalueset */ 
Sereprascr: Ob pidset; wrk get 
property idset */ 
getoval: obj,pid > val; East value */ 
Maspveall: pval,oby > bool; /* has 
prue perney vale */ 
caoba cobj,obyge bool; 7 eG laden / 
axiom 
getopvalset(crobj(pvs)) - pvs; /* pvs: 'pvalset' */ 
if mempvalset(pv,pvs) = true() 
ay ee pval' */ 
then 
haspval(pv,crobj(pvs)) = true(); 
endif; 
getopidset(crobj(pvs)) = getpidset(pvs) ; 
if and ( 
(empval(pd,v) = pve "Eod: 'pid' */ 
mempvalset(pv,pvs) uv Val.’ */ 
) = true () 
then 
getoval(crobj(pvs),pd) = v; 
endif; 


EE 


if egpvalset(pvsl,pvs2 MINCE 


then 

eqobj (crob3í(pvsl),crobmpus2EN- true (c - 
endif; 
egobj(ol,o2) = o: MOD" d 


egpvalset(getopvalset(ol),getopvalset(o2)); 
equivrel(eqobj,obj); 
end extend; 
end “object 


spec objectclass 


endif; 
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1s 
extend 
boolean, 
property kia 
property EEN 
object 
with 
sort 
class; 
primitive 
Op 
0: >= class; /* empty "classe. 
u: > class; /* universe */ 
crclass: obj > class; /* create */ 
unclass: class,class > class; /* union */ 
intclass: class,class > class; /* intersection */ 
subclass: class,class > bool; /* subclass */ 
memclass: obj,class > bool; /* member */ 
getcpidset: class > pidset; /* get pidset 
of class */ 
1nsobj: Class,ob) = class, ¡"Sere */ 
delobj: obj,class > class; /* delete */ 
eqclass: class,class > bool; /* egual =; 
axiom 
eqclass (0,0) = true(); /* empty class */ 
if eqclass(cl,c2) = true() JE cc: "class. MA 
then 
egclass(unclass(cl,crclass(crobj(pvsl))), 
unclass(c2,crclassicrobjJ 722) 00a 
egpvalset(pvsl,pvs2); /*“'pvs: 'pvalseKC(Wl 
endif: 
if andi 
edqob3tol,o2)7 Me cy 
egclass(cl,c2) 
) = true() 
then 
eqclass(insobj (ol,cl) ,insobj] (02,620. = truce 





memclass(o,crclass(o)) = true() ; 


1£ memclass(o2,crclass(ol)) = true() 
then 
EE yj (Ol ,02) = true(); 
endif; 
Pana ( 


egclass(cl,c3), 
eqe lass (C2, ¢3) 
eae) 
then 
eqclass(Qunclass(cl,c2),c3) » true() 
eqercass (ilntelassycl,c2),c3) = true 
endif; 
Mana l 
eqclass(cl,c2), 
eqclass(c2,c3) 


° 
U 


° 
SÉ 


) = true() 

then 
Unc Mase (elec? ee ne ass (02 3): 
MPMitelassich,ec2)) = intclass(c2,c3); 


else unclass ( 
muclasstcl,c2)., 
Uumclasstc2,.,c3) 
) = unclass( 
unclass(cl,c2), 
ES 
E 
intclass ( 
imece Wage tcl, C2); 
mutclgssic2uuc) 
m— cla Sc 
El Gi cl, C2) 
eS 
ds 
endif; 
memclass(o,unclass(cl,c2)) 
= or ( 
memclass(o,cl), 
memclass(o,c2) 
e 
memclfatSis o, 1nteclasslel,c2)) 
S ane 
memclass(o,cl), 
memclass(o,c2) 
2E 
if and! 
and( 
noc [ob] (ol,o2)), 
moe ego» (62703) ) 
yg 
eqclass(unclass(crclass(ol),crclass(o2)),c3) 
) = true() 
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then 
memclass(o3,c3) - false(); 
endif; 
if anda 
memclass(ol,c), 
memclass(o2,c) 


J = true) 
then 
egpidset(getopidset(ol),getopidset(o2)) - true(); 
endif; 
if egclass(unclass(cl,c2); el = true() 
then 
subclass(c2,unclass(cl,c2)) — truetjs 
else if eqclass(unclass(cl,c2),c2) = true() 
then 
subclass(cl,unclass(cl,c2)) = true(); 


else and( 
subclass(cl,unclass cl/e_ 
subclassic2 unelass(cl ec 
E 
end: 
delobj(o,;insobs (cc NE. 
getcpidset(crclass(o)) - 
if not(memclass(ol,c)) = 
then 
delobj(ol,c) = undef; 
else delobj(ol,unclass(crclass(ol),crclass(o2))) 
=Crelass (Oz 1m 


getopidset (o); 
true() 


endif; 
if not (eqpidset(getopidset(ol),getcpidset(c))) 
= true(} 
then 
insobj (c,ol) = under, 
else insobj(crclass(o2),01) - unclass(crclass(o2), 
crclass(ol)); 
endif; 
if eqclass(intclass(cl,c2),cl) = true() 
then 
subclass(cl,c2) = true; 
endif; 


associative(unclass,class); 
associative(intclass,class); 
commutative(unclass,class); 
commutative(intclass,class); 
š equivreledqeclase, class”. 
end extend; 
end objectclass; 
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Spec database 

is 

extend 
property IO, 
propertv idset, 
value, | 
valueset, 
Property, 
propertyset, 
propertyvalue, 
propertyvalueset, 
object, 
objectclass, 
identifiers 

with 
sort 

db; 
primitive 
op 
ci: (ley dl ass 5. 


insclass: db,class > db; 
delclass: class,db > db; 
retclass: db,class + pvalset; 


reloj) diny pval vob 


getdbpidset: db > pidset; 
moc “bcb, val db; 
qeda: abra > db; 
Secdboad: db > dbid; 
memdb: class,db > bool; 
ea ab, ab > bool; 
Sewer abia, abid > bool; 
axiom 
if egdb(dl,d2) - 
then 


true() 


DE EE */ 

/* insert new class */ 

/* delete class */ 

/* retrieve pvalset 
me ass */ 

/* retrieve obj by 
Se EE 

7* gee, pidset */ 

~ modify ob] */ 

K e e adb Dy ID */ 

cb o£ db */ 

/* member */ 

“ual db */ 

Ee OO DELÀ 


"Ec p ID ^ 


eaco(inselass (€l,cl) ;inselass(dZ,¢2)) = 


ede Tass (Crec?) 
endif; 


"Erc-2class' *7 


FRU ID */ 


memdbí(c,crdb(i,c)) = true): 
meme lc,insclass(d,c)) = true(); 
dewerass(c,insclass (d;,c)) = <a; 
mr andi 

and( 


eqpvalset(getopvalset(o),pvs), 


memclassío,c) 


) 
) - 


memdb(c,d) 
true() 


AWN 


Aa: 
ADU: 


Wester? * / 
'pvalset' */ 


then 


intpvalset(retclass(d,c),pvs) = pvs; 
endif; 
if and, 
and ( 
haspval(pv,o), JE py: Diz | eae 
memclass(o,c) 
n 
memdb (c,d) 
) 2» true() 
then 
retobjud Eg *"— 
endif; 
if not(memdb(cl cl *— uc 
then 


delclass(cl,d) = undef; 
else delclass(cl,crdb(i,unclass(cl,c2))) = 
Crab. ce: 
endif; 
1£ memdb(cl,d) = true() 
then 
insclass(d,ch = under: 
else if and( 
i and ( 
not(memdbicth ah = 
memdb (c2 ,d) 
UE 
not (eqpidset(getcpidset(cl), 
getcpidset(c2) ) ) 
I true 
then and( 
egclass(insclass(crdb(i,c2),cl), 
crdb(i,unclass(ct,c2 DIM 
egpidset(getdbpidset(d) ,unpidset 
(getcpidset(cl),getcpidset(c2))) 


SMED 
endif; 
if and( 
and ( 


memclass(o,c), 
haspval(pv,o) 
) 


memdb(c,d) 
) — true) 
then 
mempvalset(pv,retclass(d,c)) = true(); 
endif; 
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if and ( 


and ( 
and ( 
and ( "Nab */ 
memprop(pv,crprop(pd,vs)), 
pa rc) * / 
mempidset (pd,getidset (prs) ) 
/* ys: ‘valset" */ 
IS prs: 'propset' */ 
egpidset(getopidset(o),getidset(prs)) 
), A ay 
memclass(o,c) VERGI cla? * / 
) , 
memdb (c,d) 
) = true() 
then and ( 


haspval(pv,o), 
memdb (crclass(o) ,modobj(d,o,pv) ) 
) = true(); 
Siendo (ao, py) = under; 
endif; 
e cid (crdb(1i,CG)) = 1; 
M ae e tdbD (Ti getdb(i2))] = truel) 
then 
eqdbid(il,i2) = true(); 
endif; 
equivrel (eqdb,db) ; 
equivrel (eqdbid,dbid) ; 
end extend; 
end database; 


spec list 
parm 
extend 
boolean, 
string 
with 
sort 
elm; 
primitive 
Op 
egelm: elm,elm > bool; /* equal */ 
axiom 
equivrel (egelm,elm) ; 
end extend; 
is 
extend 
Natural, 
boolean 


2Y 


with 


SOLE 
Ist; 

primitive 

Op 
nullist = mS, 
makelst: elm > 1st; 
makenewlst: lst > lst; 
firstelm: lst > elm; 
firsclst: Ist I 
restlst: Set lst; 
catlst: Test Tec moa 


catelm: elm,lst > lst; 
memelm: elm,lst > bool; 
memblst: lst,lst > bool; 
lenlist: lst > nat; 
unlst: lst,lst CES 
intlst: 1st, sty eect 
insist: lst,lst< "USE 
delst: lst,lst — ise 


getkst: (lst str lst; 
sofirstlst: lst > lst; 


retobj lst: lst,lst — “tse 
mod liste lst, lst -ISt 
eqlst:;: Ist, lst Dooi 


axiom 


firstelm(makelst(k)) = k; 
firstelm(catlst(makelst(k),l)) 
= under.: 


firscelm(nullst o 


° 
7 


7 


firstelm(makenewlst(makelst(k))) 


restlstícatlst (makelst(k),1)) 
undef; 
nullist os 


restlst(nullst()) = 
restlst(maKkelstt(k)) — 
restlst(catlist (11,12 ma 
tirstist(catclst( 11 127) 
Lt makelst(k) = 1 
then 
firstlst(makelst(k)) 
endif; 
lenbst(iumullistio)p 
lenlst(makelst(k)) = 


Zero 
succnat(Zeronau TT 


lI 


empty list 
make list £rom 
elm */ 

make list from 
list */ 

first elm of 
lac Et 

first lst oi 
list *7 

rest of lista 


concatenate two 
Ince 
concatenate elm 
CO ee 

elm member of 
lst */ 

lst member of 
lst */ 

length ot USA 


Unon < 
intersection */ 
insert */ 

delete */ 

get list ^^ 

set of first 

lists 7 

retrieve objlst */ 
mod r 2 

equal */ 


icc 


Ke 


lenlst(restlst(1)) = subnat(lenlst(l), 
succnat (zeronat( () ) ) ; 
Pemeseeqelse (1) /12)) = sunagc(lenlsE(11) lenlst(l2)); 
EET 
mci o SO O, 
(restlst(l)w— nullst()) 
) = true() 
then 
lenlst(l) — succnat(zeronat()); 
endif; 
ce iU St iZ ALS) — catlìlst(ll,;catlst(l2,l3)); 
EE cael il -mullst«)) = 1; 
implies (eqelm(k1,k2) ,eqlst(makelst (kl), 


makelct(K2' )m—> truel): 

gtnat(lenlst(makelst(k)),lenlst(nullst()) - true(); 
Pie EE != zeronatt)) 
then 

gtnat (lenlst(catlst(11,12),lenlst(12))) = true(); 
else eqnat(lenlst(catlst(11,12),lenlst(12))) 

= true(); 
endif; 
if and( 
Ghee nul loa) 
MAS a 

WE e) 
then 

eqlst(11,12) - true(); 
else if (firstelm(11) != firstelm(12)) 
then 

eqlst(11,12) = false(); 
else eglst(restlst(l1l),restlst(12)); 
endif; 
if (l = nullstt()) 
then 

catelm(k,1) = makelst (k); 
else if (makelst(k) = nullst()) 
then 

cat ln (| — T]; 
cl le E 
endif; 
e O as Eise 
then 

Amis (PAPAL) =D: 
else if memelm(firstelm(11),12) = true() 
then 


undist(iremetlst(ll),l2y5 
Sifsercarelm(tirstelm(1117 un stefrestlst(11),12)); 
endif; 
memelm(firstelm(l),l) —- true(); 
memelm(k,makelst(k)) = true(); 
eqlst(1,makenewlst(restlst(1))) = false(); 
eguivrel(eglst,lst) 


# 
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if eglst(firstisc (ll) nus SENE 
/* recursion for 
membist */ 
then 
memblst(ll,12) —z Erue(); 
else if and( 
not (eqlst(firstlst(ll),nullst()) = tuners 
(eqlst(firstlst(12),nüullst()) — true» 
) = true() 
then 
memblst (11, l2) = Fal on 
else if eglst(firstlst(ll),firstlst(12)) - true() 
then 
memblst(restlst(ll),restlst(1l2)); 
else memblst(firstlst(11), restlst(12)); 


endif; 
Jf on /* recursion for 
inclst 24 
(egqlst (ll, nullst (I = true (NS 
(eqlst(12,nullst()) = true()) 
eruen) 
then 


1mtlst (firstlst(11 P o (mm TTT 
else if memblst(firstlst(1l11l),12) = true() 
then 
catlst(firstlst(11) , intlst(restls See s 
else intlst(restlst(11) ,12); 


endif: 
deo /* recursion fen 
getlst */ 
(eqlst(11,mullst()) = trüe ) n 
(eglst(l2,nu'LlstE (M= rsru 
) = true() 
then 
getist(ll,12) = undef; 
else if eglst(firstlst(ll),l2) = true() 
then 
getlst(11,12) = firscrlSt((resclse mn, 


else if eglst(firstlst(restlst(ll)),12) —- true() 
then 


getlst(11,12) — farstlat Pin 
else getlst(restlst(restlst(11)),12); 
endif; 
lt or! /* recursion tos 


delst */ 
(eqlst(12,nullst()) -» true()) 
(not (membilst (11:12  ) EU) 
) = true() 
tnen 
delst (11, 2) — undeot- 
else if not(egqlst(11l ,firstl (12) BR O 


) 
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then 

makenewlst(catlst(firstlst(12),delst(11, 
EIRE E 12) 997 

else makenewlst(restlst(l2)); 

endif; 

Ms s recursion tor 

SOfIr eSt */ 

Benat (lenlst(1)  succnat (succnat (zeronaáaťt()))) 


= true() 
then 
sofirstlst(l) = undef; 
else if egnat (lenlst(1) ,succnat (succnat (zeronat ()))) 
= true() 
then 
SOCIS else = firstlst(l); 


else catlst(firstlst(l),sofirstlst(restlst 
Coss lee) > 
endif: 
"Log J* Geeuceron for 
rotoDJLSE */ 
Sqlee(firstlst(11) ,nullst()) = true () 


then 

retobjlst(11,12) = nullst(); 
Nicci: el Sst glz, firstist(li)) e 12 
then 


cc stelist (1) retoby1st(mestist(11),12)); 

else retobjlst(restlst(ll),l2); 

endif; 

if and( 

and( 
and ( 
and ( 

memblstí(ll,makenewlst(unlst(12,13))), 
mempl1st(12,sofirstl]st(14)) 

WW 
Ee) 
US 
memblst(l5,16) 
ee 
memblst(l6,l7) 

) = true() 

then 
memiblstimakenewlst(l5)modlst(l7,15,ll)) 
Z trueni 
Sica lst (17,15, 1) = undef; 
endif; 
end extend; 
end list; 
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Spec pieds 
is 
use 
list(property id) 
where 
pid is elm; 
egpid is egelm; 
end pidlist; 


spec pidsetlist 
is 
use 
list (property ds e 
where 
pidset is elm; 
eqpidset is eqelm; 
end pidsetlist; 


spec vallist 
is 
use 
list(value) 
where 
val is elm; 
EE TS ed 
end vallist; 


spec valsetlist 
1s 
use 
list(valueset) 
where 
valset is elm; 
eqvalset is eqelm; 
end valsetlist; 


spec proplist 
1s 
use 
list (property) 
where 
prop is elm; 
eqpropis eqelm; 
end proplist.: 
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Spec propsetlist 
is 
use 
list(propertyset) 
where 
propset is elm; 
eqpropset is egelm; 
end propsetlist; 


spec pvallist 
is 
use 
list (propertyvalue) 
where 
pyval is elm; 
eqpval is egelm; 
end pvallist; 


Spec pvalsetlist 
is 
use 
list(propertyvalueset) 
where 
pvalset is elm; 
egpvalset is eqelm; 
end pvalsetlist; 


spec objlist 
is 
use 
list(object) 
where 
obj is elm; 
eqobj is eqelm; 
end objlist; 


Spec classlist 
is 
use 
list(objectclass) 
where 
class is elm; 
egclass is egelm; 
end classlist, 
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spec dblist 
ls 
use 
list (database) 
where 
ab is elm; 
eqdb is egelm; 
end dblist; /* database part 


spec typing 
is | 
extend 
boolean, | 
natural, 
integer, 
character, | 
Ee EE 
intensity, 
polmeccolor; 
porn, 
rectangle, 
imageform, 
pu EU ns; 
dec I OG, 
identifiers, 
memaddress, 
regaddress, 
stkaddress, 
dregaddress, 
monitorattribute, 
files, 
operatorclasses, 
instructiontype, 
EC Ge /* database part */ 
pidsetlist, 
vallist, 
valsetlist, 
BR OD ES Eg 
propsetlist, 
pvarllisct, 
pvalsetlist, 
Oba list, 
classlist 
dblist /* database parte 
with 
sort 
Cype; 
val; 
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primitive 
Op 
typingopers (bool) ; 
typingopers (nat); 
typingopers(int); 
typingopers(char); 
e ingopers(str.char); 
typingopers(intens); 
E pincgeperstieolor); 
typingopers (pnt); 
typingopers (rct); 
typingopers(form); 
typingopers(ptblt) 
typingopers(font); 
typingopers (memid) 
) 
) 


7 


typingopers(regid); 
typingopers(stkid); 
typingopers(dregid); 
typingopers(fid); 
typingopers(memaddr); 
typingopers(regaddr); 
typingopers(stkaddr); 
typingopers(dregaddr); 
ExpmEDmngopersimattribute); 
typingopers(file); 
typingopers (mop); 
typingopers (dop) 
typingopers (top) 
typingopers (qop) 
typingopers(sop); 
) 
) 


typingopers(oop 
typingopers(rop 
typingopers(bop); 
En dgopers (LIGC r ) ; 
typingopers(pidlist.lst); /* database part */ 
Eyengopers (prdsetlist.1st) ; 
typingopers (vallist.lst); 
pyeingopers (valsetlist se); 
twodngopersí(prophist.lst); 
typingepers (propsetl1st.lst); 
Exe opers(pvablrst.lst)- 
Evommaopers (pvalsetlistalst) ; 
typingopers(objlist.lst); 
typingopers(classlist.1st)"; 
typingopers (dblist.lst); “database prt. */ 
hidden 
Op 
whattype: val > type; 
egtype: type,type > bool; 


221 


axiom 
typingaxioms (bool) ; 
typingaxioms (nat) ; 
typingaxioms (int) ; 
typingaxioms(char) ; 
typingaxioms(str.char) ; 
typingaxioms (intens) ; 
Eypingaxroms Colors 
typingaxioms (pnt) ; 
typingaxioms (rect) ; 
typingaxioms (form) ; 
typingaxioms (ptblt) ; 
typingaxioms (font) ; 
typingaxioms (memid) ; 
typingaxioms(regid); 
typingaxioms(stkid); 
typinhgexións (dregia e 
typingaxioms(fid); 
typingaxioms (memaddr); 
typingaxioms(regaddr); 
typingaxioms (stkaddr) ; 
typingaxioms (dregaddr) ; 
typing axioms (materi pWee E 
typingaxioms (file); 
typingaxioms (mop) ; 
typingaxioms (dop) 
ou eg dc OS Ep) 
typingaxioms(gop); 

) 

) 

( ) 

( 

( 

( 

( 

( 

( 

( 

( 

( 

( 

( 

( 


typingaxioms (sop) ; 
typingaxioms (oop 
typingaxioms (rop); 
typingaxioms (bop) ; 
typingaxioms (instr) ; 
typingaxioms(pidlist. tse, 
typingaxioms(pidsetlist.lst); 
typuxngaxioms(valdust dec 
Eypingaxioms (Valseelis jae) « 
typingaxioms(proplist.lst); 
typingaxioms(propsetlist.lst); 
typingaxioms(pvallist.lst); 
cypingaxioms(pvalsetlist.lst); 
typingaxioms(objlist.lst); 
typingaxioms(classlist.lst); 
typingaxioms(dbi3sStousm E 
equivrel(eqtype,type); 

eux ccs 
end typing; 


. 
, 


Zoe 


/* database partes 


/* database part */ 


Spec operators 
1s 
extend 
operatorclasses, 
typing 
with 

[aT LV e 

op 
EE 
cs T indi; > dOP; 
Dolo dO); 
IBN [ONCE mop; 
EERSTEN Ee 
natsum: > dop; 
posu Op: 
Mae: + FOD; 
Maltes rop 
Hale: + rop; 
EE Ee EHNEN 
We SUCE; mop: 
intabs: > mop; 
Moa. > mop; 
IM = MOP; 


intsum: > dop; 
Pitesti: > dop; 
Menit: > dop; 
medaia: > dop; 
intmod: > dop; 


ieee: > LOD; 
Ns SOD); 
NS > OD? 
careg: > Trop; 
Sao: > Op; 
Chaesenlen: > mop; 
charmakestr: > mop; 
charheadstr: > mop; 
ehictaeallstr; > mop; 
CHH arcCatstr: > dop; 
cr careg: > rop; 
S S = é ol r E ae en 
intenspred: > mop; 
intenssucc: +> mop; 
intenssum: > dop; 
intenssub: > dop; 
intenseg: > rop; 
MUEensct. » rop; 

colo msSdcomogt: —> mop; 
colo ec Encompnat: + mop; 
colo lucompnt: — mop; 
colerederb: > tops. 

G oF > rop; 
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pubcoomd E 
T ==] lop. 
pntlocióas er 
pNnEofEsee: = Gop: 
PRECISAN 

PEC ES CD, 
EES o; 
pnrge E 
EE 
rCeorigin. =. me, 
reccecorner NU 
recxdim mem 
rou — Emp. 
rctarea: > dop; 
rctin: > dop; 
rctdis > dop 
retint: > dop: 
EELER 

EE EE 
forminit: + mop; 
fOrmiareca: = mop: 
formgetcolcr:  — dop; 
formr Op 
formsetcolor: > top; 
TT ess 
Foner ese ser. 
ee 
fontlen: > mop; 
fontspmap: > dop; 
EENS 
tontin: > dop: 
fontdel: —> dop; 
tontgeot: op. 
fontset: > top; 
tontobtiset. m so; 
ptblegeesrct: = mop, 


ptolitgetarct: mem 
ptbltgetcrct: >fMop, 
ptbltgetrule: + mop; 
ptbltsetsrot: NoD 
pEbDitsecdrbct. eee 
GE Me 


ptbitsetrule: uem 

ptebItcopy: 7 don: 

ptbltdrawline: ^ sop; 

ptblcsent. Som 

pupletrontinyvs 09/7 

pidlistoeglst. — ron /* database part 
pidsetlist.makenewlst: + mop; 

pidsetlist.unlst: 3068/5 

pidsetlist.intlst: > dop; 

pidsetlist.memblst: > rop; 
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4 


pueiertiumstcedlst: > rop: 
WN ec St: rop; 
valsetlist.makenewlst: > mop; 
Eeer > dop; 

u m o amntelstot dop; 
valsetlist.memblst: > rop; 
US ec ll Y Oo 
Eeoplact. firsctilst: = mop; 

er roplist restlst: > mop; 
proplist.catlst: + dop; 
prop US: egl Op; 
propsetlist.makenewlst: > mop; 
propseti'rst.sorrrstlst: - mop; 
pasonusetlistounbst. dop; 
PROPScCeELISt ele 
propsetlist memblst: — rop; 
TEE cd Eee rOn, 

BE lstetirstist: > mop; 

eua list restIst: > mop: 

Pb SE. caul > dop; 

Eu USE memb ISE: = rop; 

bu Y i eqlst: > rop; 
pyellsetlistsmacwenewlst: > mop; 
pvalsetlist.sofirstlst: —> mop; 
SM DU SE. uu SE: +> dop; 
ES eE uot. ee dop; 
EE EE 
EE EE EE 

' objlist.makenewlst: > mop; 
obpst sofirstlst: - mop; 
SSEMNStISgetlst: > dop; 

Cb glrst.colst: > rop; 

cd scvomemblst:- E00; 
classlist.makenewlst: > mop; 
ca SSsITSt.sotfirstlst? > mop; 
classlist.unlst: > dop; 
classlist.intlst: — dop; 
cliaeslist.catlstz —> dop; 
classlist.delst: >» dop; 
classlist.memblst: > rop; 
classlist.egqlst: > rop; 
dblist.makenewlst: > mop; 
Gewrst .sOrirstlst: > mop; 

d lst- catlst: = dop; 

dorst. delst: > dop 
ci SE EE el 
dblist.modlst: — top; 
dblist.memblst: > rop; /* database part */ 
isbool: -> bop; 

isnat: > bop; 


DD 


Js nrc aom 
ischar: > pes; 
1sstr. chart. sep, 
isintens: > bop; 
iscolor: > bop; 
Lepnt su = BOD: 
Eelere 
isform: -> DOP; 
isptblIt: = DOP. 
isfont DO 
ismemid: + bop; 
isregid: > bop; 
lsstkid: + bop; 
isdregid: > bop; 
lsfid: > bop; 
ismemaddr: > bop; 
lsregaddr: + bop; 
isstkaddr: + Dop? 
isdregaddr: >» bop; 
isfile: > bop: 


ismop: > bop; 
isdop: > bop, 
istop: Dep, 
1saop: > boo: 
1Ssop:)> bor, 
lsoop: >+ bop; 
isrop: DON; 
isbop: > bop; 


isinstr: > bop; 

ispralaist Ases bop. 
1spidsetl1st.lst:. > bop; 
isvallist.lst: — bop; 
isvalsetlist.lst: > bop; 
lSproplwst.lsco bom 
ispropsetlist.lst: > bop; 
lspvaliist.lst: een 
ispvalsetlist.lst: > bop; 
1sobjlist.lst: 299995 
isclacssluse. lsc 0 MOD. 
isdblist. St: +- Dop; 


/* database part 


/* database part 


hidden 


Op 


applymep: Mop, Vale] sa, 

applydop: dop,val,vale val 

applytop: top, val, vale val E 

applygop: gqop,val,valjval,valy sal; 
applysop: sop,val,valyval val E Su" 


applyoop: oop,val,val,val,val,val,val,val,val SH sm 


applyrop: rop,val,val > val; 
applybop: bop,val >» val; 
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2 


Sr 


axiom 


a mop “coc noe”) vw = valofbool (not ( 
COTO DOOM P; 
applydop (booland() ,vl,v2) = valofbool (and ( 
acomete lvl, atomofboolítv2)) ); 
Een uou oobeuu7 0) — valofbool (or ( 
i romorfpool( vl) acomofbool(ç2)) ); 
applymop(natpred(),v) = valofnat (prednat ( 
atomofnat(v)) ); 
applymop(natsucc(),v) = valofnat(succnat ( 
atomofnat(v)) ); 
applydop(natsum(),vl,v2) = valofnat(sumnat( 
atomofnat(vl),atomofnat(v2)) ); 
applydop(natsub(),vl,v2) = valofnat(subnat ( 
atomofnat(vl) aeomofnat(v2)) ); 
applymop(intpred(),v) - valofint(predint( 
atomorint (v); 
applymop(intsucc(),v) = valofint(succint(- 
atomofint(v) ; 
applymop(intabs(),v) = valofint(absint ( 
abomofint(v); 
applymop(intntoi(),v) - valofint(ntoi( 
atomofnat(v)) ); 
cuo Moo Eom valLo£nat(iton( 
atomofint(v)) m; 
applydop(intsum(),vl,v2) = valofint (sumint ( 
denen vl)watomotint(v2)) ); 
applydop(intsub(),vl,v2) zs valofint(subint( 
atomofint(vl),atomofint(v2)) ); 
eet, deotunem!t() ,vil,v2) = valofint (mltint ( 
atomnotint (vil) aAcemeotimt(y2)) ); 
pac intdiv(), vyl, v2) = valofint(divint( 
i EE vibmWaklkomotime  (vç2)) ); 
applydop(intmod(),vl,v2) = valofint(modint ( 
EIS "A: 
applymop(charstrlen(),v) = valofnat(lenstr.char ( 
MOMO Str- cnar Vn 
applymop (charmakestr(),v) = valofstr.char ( 
makestr.char(atomofchar(v)) ); 
applymop (charheadstr () ,v) = valofchar (headstr.char ( 


atomófstr.char(v)) ); 
applymop(chartailstr(),v) = valofstr.char ( 
tallstpeachotmmotlokrstr.char(v)) ); 
applydop(charcatstr(),vl,v2) = valofstr.char ( 
catstr.char(atomofstr.char(vl), 
atomofstr.char (v2) 


m 


suu xesuintenspred(),v) z valofintens (| 
predintens(atomofintens(v); 
applymop(intenssucc(),v) = valofintens ( 


súuccinatenslatomerintens (v) ; 
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applydop(intenssum() , vlijw 2) F olor n r me 
sumintens(atomofintens (vl), 
atomofintens (v2) 
ys 
applydop(intenssub(),vl,v2) - valofintens( 
subintens(atomofintens(vl), 
atomofintens(v2) 
Ma 
applymop(colorredcompnt(),v) = valofintens ( 
redcompntkatomeneolor(yJ 0 O 
applymop(colorgrncompnt(),v) - valofintens( 
grncompnt(atonmnes elor (uv )>) 
applymop(colorblucompnt(),v) - valofintens( 
plucompnt (atomeot olor(v)) e 
applytop[colordef() ,v1l, 4215) = valemeotor | 
defcolor(atomofintens(vl), 
atomofintens(v2), 
atomofintens (v3.) 
ae 
applymop(pntxcord (yv) o e e mE Cora 
atomof£pnE(v)) i) 
applymop (pntycord(), 1) e si pt co Ou 
atomotpat (Ne 
applydop(pntloc() via “lein Ee FU 
atomofint(vl),aceomeon En“ EN 
applytopipntorfset() ovis) — Valor poen 
offsetpnt(atomofint(vl), 
atomofpnt(v2), 
ame Ome vs) 
DE 


applymop(rctorigin(),v) = valcfpmw (cu Ma'n | 
atomofrcti sma 
applymop(rctcorner(),v) - valofpnt(corner( 
acomofrcels mn 
applymop(rctxdim() 3 v7) = salerine(x<cdimmert 
acomotre r (v) mee 
applymop (retydin() EE 
atomofret (v pp 
applydop(rctarea(),vl,v2) = valofrct (area ( 
atomofpneE wl) aw merfpnt (vu 2) 
applydop(rctin(),vl,w2'W— alcnbood “| 
atomorpunt (vv FW GEOmO SE ) 
applydopi(rctdisj(),vl,v2b — valocrbco cis ree, 
atomortrotf(y le atenet semi.) 
applydop (retinc() vl. v O p Rulo crops corr o 
atomotret (ÇV ] e ]; 
applydop(rctput() v2 EE alc!pet 5 ES 
atomofpnt (vI atomo rro Ena 2 
applytop(rctshift(), vl, v2, Y?) = valorrct (shii Cra 


atomofine. voe 
atomofEl1rE s o 
atomotint (yea 
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app O LLDD (O — valofform(initform( 
AS Om EY CEI 7 


applymop(formfarea(),v) - valofrct(farea( 
atomofform(v)) ); 

al lOp». £Gemgetcoli ou O) vl,v2) = valofcolor ( 
Seucoler (Aacemotone yl) ,atomoftform(v2)) ); 

ENS sos tor IS V2) —- valofform(fillform( 
acemascel nl acomotr£ormgv2)e ); 

op lvcee | LOnmasercolor()),Vl,v2,v3) = valofform( 


EEN EE 
a mod on UU 2), 
atomofpnt (v3) 
aes 
a Gop“ mn = valotform( 
Miwon acanoncolor(vl) , 
atomofcolor (v2), 
atomofcolor (v3) 


oie: 


App Eet, ualoffont(initfont( 
aC omor reyv); 

PE WOT ONErCt(), v) = valofrct (rctfont ( 
cbemottont(tv)) s 

applymop(fontlen(),v) = valofnat(lenfont ( 
awcmotfont(v)) X; 

applydop(fontspmap(),vl,v2) = valofpnt(spmap ( 
atomo riel atomofpnt v2)) + 

applydop(fontpsmap(),vl,v2) = valofpnt(psmap ( 
Jecmorrce(vi) atomofpnt(v2)) ); 

app s ncn (vl; vv2)>= valofbool(infont( 


Ae@enOtlac vil) atomorront(y2)) ); 
applydop(fontdel(),vl,v2) = valoffont(delfont ( 


aeemortnaci( vil) atomoffont(v2)) ); 


applydop(fontgetfont(),vl,v2) = valofform(getfont ( 
atomofnat(vl),atomoffont(v2)) ); 
applytop(fontset(),vl,v2,v3) = valoffont(setfont ( 


AcCOMoOLfOnm (Vv L)- 
acomofnat (v2); 
aAtomoffont(y3) 
Jur 
pP op (ontorírf ser  vliiv2 vo, v4) = valofpnt ( 
Orrsebrtone(acemotintiyvl), 
atomoífimnmte (N2) , 
ar omo FE GY EV O db; 
atomofpnt (v4) 
ie 
applymop(ptbltgetsrct(),v) - valofrct(getsrct( 
atomonp ol m” 
a mc pea Leqetaree (77m aalorrce(getdrct l 
aeomorptb lt (vy) ) ie 
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applymop(ptbltgetcrct(),v) 
atomofotbbP 2 

applymop(ptbi tgec rue MM on a (a UU 
atomofptblt v sm. 


valofrcieetcrctt 


applydop(ptblesetsroem yy), E ues 
setsrct(atomofrct(vl);atomofptblt(v2 NEN 

applydop(ptbib9Ssecdmet(o) ee EE 
setdrct (atomofrct (v1) er Er e NEN 

applydop EE ee 


setcrctiatomofrct(vl) ,atGmoretblt(v2 ME 
applydopí(ptbltsetrule(),vi,v2) — vadotosibut ( 
setrule(atomofnat(vl),atomofptblt(v2)) ); 
applygop(ptbltcopv(),;vl,v2,v3,v4g valor tor 
copvblt(atomofptbitivius 
atcomoffoxrm v 25 
atomofform(v3), 
atomofform(v4) 
J). 
applysop(ptbltdrawline() ,vl,v2,v3,v4,v5,v6) = 
valofform(drawline(atomofpnt(vl), 
qesemotontis 20 
atomosbu tiv), 
Aac omor form va, 
some E omi v5 
atomofform(v6) 
Jes 
applysop (PEbl1EFonr (vul UD cs 
valottormtcopyreonelejrcomo ton tii) 
aon roc MV 
atomofnat(v3), 
atomoffon6 (v4) 
qtoməorform(v5), 
ac nno LOLO; 
3s 
applyoop(ptbltfontinv(),vl,v2,v3,v4,v5,v6,v/,v Ms 
valo££orm(inwcopyfonu(acomoreolor( lw 
atomofcolor (v ° P 
åätomofpne (vo P 
atomotptblt (vaa 
atomo rana 5)» 
atomostont(vo P 
atomorfform(v7)9 
atomofform(v8) 
DR 
applymop(pidsetlist.makenewlst(),v) = 
valofpidsetlist (pidsetlist.makenewlst ( 
atomofpidlist(v) 
ee /* database part */ 
applydop(pidsetlise tints e yy), 72) >= 
valofpidsetlist(pidsetlist.unlst( 
atomofpidsetlist(vl), 
atomofpidsetlist(v2) : 
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Bppiyeop veLasemlist.intlst(),vl,v2) = 
Valor plaset lise (prcasectlistsintlist ( 
atomofpidsetlist(vl), 
atomofpidsetlist(v2) 

IER 

applymop(valsetlist.makenewlst(),v) = 
valofvalsetlist (valsetlist.makenewlst ( 
EE EE 

applydop(valsetlist .unlsw@evl,v2) = 
valofvalsetlist(valsetlist.unlst ( 
atomofvalsetlist(vl), 
atomofvalsetlist(v2) 

Ims 

aeidobtvalsetidst EE VI v2) = 
atomofvalsetlist(valsetlist.intlst( 
atomofvalsetlist(vl), 
atomofvalsetlist (v2) 

DE - | 

amo piproplisttirstlist),v) = valofpidlist( 
propis ira l] (C O romo preplist(v)) ); 

sl ymop(proplist.restrclst(),v) = valofvalsetlist( 
P'am roc GU a aromo prOplist(v)) ); 

am EE EE vl, 2) = valofproplist( 
paoolase.cacist(ateomorpldlist (vl), 

atomofvalsetlist (v2) 

E 

applymop(propsetlist.makenewlst(),v) - 
valofpropsetlist(propsetlist.makenewlst( 
atomot prop Lis al W) 

applymop (propsetlist.sofirstlst(),v) = 
valofpidsetlist(propsetlist.sofirstlst( 
atomofpropsetlist(v)) ); 

applydop(propsetlist.unlst(),vl,v2) - 
valofpropsetlist(propsetlist.unlst( 
atomofpropsetlist(vl), 
atomofpropsetlist(v2) 

)); 

a Eeer 21 = 
valofpropsetlist(propsetlist.intlst( 
atomofpropsetlist(vl), 
atomofpropsetlist(v2) 

yn 

iua HIH sto) - valofpidlist( 
pvallaseeeiastlsomucteemerpvallist(v)) ); 

applymop(pvallist.restlst(),v) = valofvallist ( 
pvallist.restlst(atomofpvallist(v)) ); 

a p vall st cat ul V2) = valofpvallist( 
pyvotilt st. cacleetaeomorplialist(vl), 

atomofvallist(v2) 


Le 


2 


applymop(pvalsetlist.makenewlst(),v) = 
pvalsetlist.makenewlst(atomofpvallist(v)) ); 

applymop(pvalsetlist.sofirstlst(),v) = 
valofpidsetlist(pvalsetlist.sofirstlst ( 
atomofpvalsetlist(v)) ); 

applydop(pvalsetlist.unlst(),vl,v2) = 
valofpvalsetlist(pvalsetlist,unlst( 
atomofpvalsetlist(vl), 
atomofpvalsetlist(v2) 

)); 

applydop (pvalserhisrurnysh s On 2 F 
valofpvalsetlist(pvalsetlist.intlst( 
atomofpvalsetlist(v1), 
atomofpvalsetlist(v2) 

DS 


applymop(objlist.makenewlst(),v) - valofobjlist( 
objlist.makenewlst(atomofpvalsetlist(v)) ); 
applymop(objlist.makenewlst(),v) = valofpvalsetlist ( 
objlist.makenewlst(atomofobjlist(v)) ); 
applymop(objlist,sofirstlst(),v) = valofpidsetlist ( 
objlist.sofirstlst(atomofobjlist(v)) ); 
applydop(objlist.getlst() ,vl,;vz) = valofvallist( 


ob73list.getlst(atometony lists 
atomofpidlist(v2), 

JE 

applymop(classlist.makenewlst(),v) = 
valofclasslist(classlist.makenewlst( 
atomofoidsetlist( e 

applymop(classlist.sofirst.lst(),v) - 
valofpidsetlist(classlist.sofirstlst( 
atomofclasslist(v)) ); 

applydop(classlist.unlst(),vl,v2) - valofclassu p 
classlist-únlSsc (a onee Tass E 

atomofclasslist (v2) 

aF 

applydop(classlist.intlst(),vl,v2) = 
valorf£classlisr (closshris "an e ( 
atomofclasslist(vl), 
atomofclasslist(v2) 

)3 s 

applydop(classlist.catlst(),vl,v2) - 
valofclasslist(classlise- eae lee ( 
atomofclasslist(vl), 
atometcbyl Es o, 

DS 

applydop(classlist.delst(),vl,v2) - 
valofclasslist(classlist.delst( 
atomotoby listillo 
atomofclasslist(v2) 
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applymop (dblist.makenewlst(),v) = 
valofdblist(dblist.makenewlst ( 
atomofclasslist(v)) ); 

applymop(dblist.sofirstlst(),v) = 
valofpidsetlist(dblist.sofirstlst( 
atomofdblist(v)) ); 

apeiadonidolist. cation) ,vl,v2) = valofdblist ( 
dolis eael EE GEomordbliot (vl), 

atomofclasslist(v2) 

E 

applydop(dblist.delst(),vl,v2) = valofdblist ( 
dblist.delst(atomofclasslist(vl), 

atemetdablistiy2) 

lo 6 

zopivdopi(dblistoumbelsttovlv2) = 
valofpvalsetlist(dblist.intlst( 
atomofdbliste(vl); 
atomofclasslist (v2) 

D; 

meslvdop(dblrst.retobjlst(),vl,;v2) = 
valofobjlist(dblist.retobjlst( 
acomordbpliste (vii 
atomofpvallist(v2) 

as 

pul eoo(ablist.modlst() ,vl,;v2,v3)" = 
ado rdb Sc (cb I St, mod ls 
acomərdblist v 1 5 
atomofobjlist(v2), 
atomofpvallist (v3) 

ms /* database part */ 

relop(nat,eg); 

Fo lop (nat, gt) ; 

gelop(nat,1t) ; 

relop(int,eg); 

MIS Tit, ot) ; 

rewop(int,lt); 

relop(char,eg); 

relop(char,gt); 

Bemem (Str. char ,eq) ; 

Belew (str.char, gt) ; 

rel@p (intens,eq) ; 

relop(intens,gt) ; 

melep Rene, lt); 

relop(colorkeg); 

relop(pnt,eg); 

POOP pnt, gt); 

meme DDE, lt); 

relop(pnt,ge); 

relop(pnt,le); 
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relop(pidlist,eglst)s /* database parti 
relop(pidsetlist,eglst)ì; 
relop(vallist,eglst); 
relop(valsetlist,eglst); 
relop(propiy rn 7 = 
relop(propsetlist,eqlst); 
relop(pvallist,eqlst); 
relop(pvalsetlist,eqlst); 
relop (objlist,eqlst); 
relop(classlist,eglst); 
relop(dblist,eglst); 
relop(pidsetlist,memblst); 
relop(valsetlist,memblst); 
relop(propsetlist,memblst); 
relop(pvallist,memblst); 
relop(pvalsetlist,memblst) ; 
relop(classlist,memblst) ; 
relop(dblist,memblst) ; /* database part */ 
isops (bool) 

isops (nat); 

isops (inti 

1sops (char) ; 

isops (str. char) 
isops(intens) ; 
1sops(color) ; 

isops (pnt); 

isops (rcir 

isops (form); 

isops(ptble °“; 

1sops (font) ; 

isops (memid); 
isops(regid); 
isops(stkid); 
isops(dregid); 

isops (fid); 

isops (memaddr) ; 
isops(regaddr); 
isops(stkaddr); 
isops(dregaddr); 
isops(file); 

isops(mop); 

isops(dop); 

1sOps (top); 

isops(qop); 

isops(sop); 

isops(oop); 

isops(rop); 

isops(bop); 

isops(instr); 
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TSsops(prdlist.lst); /* database part */ 
isops (pidsetlist.lst); 
isops (vallist.lst); 
isops(valsetlist.lst); 
isops(proplist.lst); 
isops(propsetlist.lst); 
isops(pvallist.lst); 
isops(pvalsetlist.lst); 
isops(objdist.lst); 
isops(classlist.lst); 
isops (dblist.lst); /* database part */ 
end extend; 
end operators; 


spec instructions 
is 
extend 

natural, 

integer, 

memaddress, 

regaddress, 

stkaddress, 

dregaddress, 

operatorclasses, 

Bncepuctiontype, 

typing, 

qaddress 

with 

primitive 

Op 
Ome: > instr; 
extern: > instr; 
gebl: >+ instr; 
meegin: aa nstr; 
mend: > instr; 
oc YM, regaddr ,> ITnstr; 
lnk regaddr,nat > Instr; 
EE regaddr,nata1nstr. 
getdwin: dregaddr,regaddr > instr; 
setdwin: regaddr,dregaddr > instr; 
getmtr: mattribute,regaddr ser instr; 
Semmens Macttribwmte, regaddr > instr; 
modads: mop,regaddr > instr; 
monad: mep,regaddr,regaddr > instr; 
monadi: mop,val,regaddr > instr; 
dyads: dop,regaddr,regaddr + instr; 
dyadsi:dop,val,regaddr + instr; 
dyad Taop,regaddr ,regaddr  regaddr > instr; 
dyadi: dop,val,regaddr,regaddr > instr; 
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triads: top,regaddr,regaddr,regaddr > instr; 

triadsi: top,val,regqadex, ceqadad Sto, 

triad: top,regaddr,regaddr,regaddr,regaddr > instr; 

triadi: top,val,regaddr,regaddr regada = insta 

quads: gop,regaddr,regaddr,regaddr,regaddr > instr; 

quad: gop, regaddr,regaddr,regaddr,regaddr, 
regaddr > instr; 

sexads: sop,regaddr,regaddr,regaddr,regaddr, 
regaddr,recdgssdr > instr; 

sexad: sop,regaddr,regaddr,regaddr,regaddr, 
regaddr,regaddr,regaddr > instr; 

octads: sop,regaddr,regaddr,regaddr,regaddr, 
regaddr,regaddr,regaddr,regaddr > instr; 

octad: sop,regaddr,regaddr,regaddr,regaddr,regaddr, 
regaddr,regaddr,regaddr,regaddr > instr; 

movi m: val,memaddr » instr; 

movi per: val ante Se, 

movi r: val,regadd3r > Instr;: 

movi ri: val,regaddr > instr; 

movi EEE 

movi ridn: val, regadar nac, Int uci 

mov om. Te memaddr, memaddr > instr; 

mov m ema cena escis pi r. 

mov mi: EEN regaddr > instr; 

mov m rid: ene eee nn > E 

mov m _ridmz memaddr,regaddr nat int = P 

mov m. |d: memaddr, erm > SaaS te tar 

mov pcr pcr: TIC EES 

mov p r n. int ,regaddr NS El, 

mov per ET Ne) EFO O Tanoe; 

mov per rid: int; regaddr ait ten 

mov pcr. nidos 4nc,rcgacdu SE S 1 r 

mov pe: n d: Int dregaddgr > inetr: 

mov r m: regaddr,memaddr > instr; 

mov r por: regaddr,int mci 

mov Gs Vreddddr, regaddr > Mes 

mov or ¿El eegadda ec acielts se ems >. 

mov r rid: regaddar regaddr mies LS ele, 

mov r ridn: regáaddr regaddr mat Int mem ea: 

mov r go regaddr,dregaddr > Instr; 

mov ri m: regaddr,memaddr > instr; | 

mov ri per: regada ut 0. 

mov ri r: regaddi regaddr Minsa 

mov ri ri: regaddr,regaddr > instr; 

mov rl rid: regar yega r nn pi m. 

mov ri ridn: regadar red addr, macy anc encom 

mov ri d: regaddr,dregaddr > instr; 

mov rid m: regaddr,int,memaddr > inser; 

HOS EE EE EE 

mov rid r: regaqdr,imt rega "ms 

mov rid ri: regaddr,int,regaddr > instr; 


2M 


De fr n yc J EE Eeer DE instr; 

EE ge regaddr natyint + instr; 

no Ma regadar Mine, dregaddr > inskr; 

Meg add Nat, int, memaddr > instr; 

is ee gadd nat int, int > instr; 

moss nr re GS t — instr; 

EE EE EE > instr; 

EE EE EE EE EE + instr; 

EE EE ED > 
2 IS C a 

Nena F2gaddr uncyodregsddr --rnstr; 

mo a C regadqadr memaddr > instr; 

I Gregqadds, ne > Instr; 

e c dregaddr regaddr > instr; 

Dee EE EE 

ne meta: ddregaddr,regaddr,int > instr; 

uc MCN MEscgaddreregasdrnat,rxnmt > instr; 

Inner d udmegceadr,dregadds instr; 

pushti: Vides eisai instr; 

pus memaddr ,stkaddar > instr; 

pucmEPCcr: ¿nte setkaddr > instr; 

Pr regaddr sera ddr AOS tr; 

push ri: regaddr,stkaddr > instr; 

push rid: regaddr,int,stkaddr > instr; 

poa idn: megaddr, Mec, int, sekaddr > instr; 

pauta dregaddr,stkaddr > instr; 

DDR ° stkaddr — instr; 

pa sctkaddr,memaddr > instr; 

pes cr: sckaddr,int > instr; 

Fe mr sukadar,;regaddr > instr; 

EE: SERaddr regaddr + instr; 

papado stradar, regaddr,1nt > instr; 

sem idi: stkadar,regaddr,nat,ine > instr; 

pop d: stkaddr,dregaddr + instr; 

Meee instr; 

Seep tnstr; 

Jieeememaddr > instr; 

jmp i: memaddr > instr; 

jmp r: regaddr + instr; 

Bras int > instr; 

Diamine regaddr > instr; 

if: relop,regaddr,regaddr,memaddr SEMIS iC 

ifi: relop,regaddr,val,memaddr > instr; 

ifte: relop,regaddr,regaddr,memaddr,memaddr + instr; 

iftei: relop,regaddr,val,memaddr,memaddr + instr; 

a cetop, regaddr, regaddr,1int str; 

ifi per: relop,regaddr,val,int + instr; 

Bc cu elen megaddr regaddr,int,1nt > instr; 

ae ponte loo, regadde, val, 10t,1nt > instr; 

test: bop,regaddr,memaddr > instr; 

testm: bop,memaddr memaddr > instr; 
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teste: bop,regaddr,memaddr,memaddr > instr; 
testme: bop,memaddr,memaddr,memaddr > instr; 
test pcr: bop, regaddr ML TEE 

testm pcr: Dop, memada na M EI 

teste pcr: bop,regaddr,znt9unt > instr 
testme pcr: bop,memaddr,int,int - instr; 
jsr: memaddr,stkaddr > instr; 

Jsr 1: memadear/scK cc nS en 

jsr r: regaddr, stkadoark is em, 

bsr: int,stkaddr > instr: 

bsr r: eq ade peices cca e 

rts: stkaddr +> instr; 

open: stkaddr > instr; 

close: stkaddr > instr; 

read: stkaddr > instr; 

write: stkaddr > instr; 

/* database part */ 
write 15 val qa quc /* write to queue */ 
write m: memadar conu HC 
write r: regaddr qaddi e INSE 
delete x: gadr EEN W^ delete value 

from queue */ 
delete Mm: Beccles. NUS 
delete rige UC 
read m: gqaddr,memaddr > anstr; Z* Y value TP 
queue */ 
read r: qaqqr EE 
open: val > instr; /* open database */ 
close: val > instr; /* close database */ 
/* database part */ 
end extend; 
end instructions. 


spec amstate 
is 
extend 

boolean, 
natural, 
integer, 
Strechareypoe, 
memaddress, 
regaddress, 
stkaddress, 
dregaddress, 
files, 
identifiers, 
typing, 
qaddr, 
db 


sort 


state; 

primitive 
fetchm: memaddr,state > val; J 
fetchr: regaddr,state > val; F 
fetchd: dregaddr,state > val; /* 


fetchdwin: dregaddr, state > val; 


ye 
fetchmtr: mattribute,state > val; 
= 
storem: val,memaddr,state > state; 


Score EE > state; 


memory */ 

register */ 

display register */ 
display window */ 


monitor attribute */ 


stored: val,dregaddr,state > state; 


storedwin: val,dregaddr,state > state; 
storedmtr: val,mattribute,state > state; 
initam: > state; in itialize 

machine */ 
initstk: stkaddr,state > state; 

/* initialize stack */ 
topstk: stkaddr, state > val; cop val of 

Stack */ 
pushstk: val,stkaddr,state > state; 

ush stack */ 
popstk: stkaddr,state > state; /* pop stack */ 

d "nat, state > menta; /* get memory block 
from heap */ 
lfree: memid,state > state; /* free memroy block */ 
indir: nat,memaddr > memaddr;  /* memaddr for n 
levels of 
ir OC LO X 
infile: file,state > val; r ad from file */ 
outfile: val,file,state — state; 

te to file */ 
epentile: str:char, tile,int,1nt,state >_ state; 

Open Lile */ 
closefile: file,state > state; /* close file */ 
EMOS TAS Imt. /* read mode */ 
wmode: > int; “FE mode */ 
rwmode: — int; /* read/write mode */ 
Openers. > int; “pen error */ 
openosc TIE "E Sembok */ 
puse NET /* file ops w/ AM 

s data) ~/ 
ehardata: => int; /* file ops w/ 
character data */ 

/* database part */ 
ec. gaddar, statem Stato: Zë initialize queue */ 
PoE addr State Val: m read Front value 


from queue */ 


write: val,qaddr,state > state; 


X 


delete: qaddr,state > state; E 


open: db,str.char,state > state; 
/* 
close: db,str.char,state > state; 
pas 
PAS 
hidden 


write to queue */ 
delete front value 
from queue *4 


Open database */ 


close database */ 
data base part */ 


op 


/FFXKRRRARRAARAAAAAAENRAERAANARAAEAR ARE AA 


* actrve — "Goe ll 

* true when memory block is allocated w/ lalloc 

* false initially and after memory block 
released with lfree 

* used to prevent offsetting into non- 
allocated memory 

7 


active: memid,state boo, 


axiom 


if whattype(v) != formtype() then 
stored(v,a,q) = undef; 
endif; 
if whattype(v) != pnttype() 
storedwin(v,a,q) = undef; 
endif; 
if whattype(v) 
then 
storemtr(v,xpixels() 
storemtr(v,ypixels() 
storemtr(v,hscrnsize ( 
( 
( 
( 


then 


I> nattype() 
e 
, q 


) 
storemtr(v,vscrnsize() 
storemtr(v,intenscapbl 
SEoremtr(v, coloreape im 

endif; 

if whattype(v) != colortype() 
storemtr (vy,backgnd()jq) = 

endif; 

if whattype(v) !- dregaddr() 
storemtr(v,dselect(),q) = 

endif; 

topstk(s,initstk (s) 

popstk(s,initstk(s) undef; 

popstk(s,initam()) undef; 
stateaxioms (m,memaddr) ; 
stateaxioms(r,regaddr); 
stateaxioms(d,dregaddr); 
stateaxioms(dwin,dregaddr); 
stateaxioms(mtr,mattribute): 


) 
| 
l 
| 


then 
undef; 


then 
undef; 


undef; 


) 
) 
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topstk(s,pushstk(v,s,q)) = v; 
popstk(s,pushstk(v,s,g)) = q; 


ac cm nam) ) = false; 
qemmyewlalloc(n,d),q) = true; 
active(m,lfree(m,q)) = false; 


active(m,storer(v,a,q) ) 
active(m,storem(v,a,q) ) 
active(m,stored(v,a,q) ) 
active(m,storedwin(v,a,q)) = active(m,q) ; 


( 

( 

( 

( 

( 

( Be Paso myc) a 

( ( 

( 

( 
active(m,storexscrnsize(v,a,q) ) active(m,q) ; 

( 

( 

( 

( 

( 

( 

( 

( 

( 

( 


active (m,q) ; 
active (mig); 


uH MH M 


active(m,storeyscrnsize(v,a,q)) - active(m,q); 
active(m, storeintenscapbl(v,a,q)) =,active(m,q); 
active(m,storecolorcapbl(v,a,q)) = active(m,q) ; 
detine (m storebackegnd(v,a,q)) = activelm,q); 


active(m,storedregaddr(v,a,q)) -» active (m,q); 

active(m,initstk(a,q)) = activelm,a); 

uc (m pushstk(v,a,qg)) = active(m,g); 

active(m,popstk(a,q)) = active(m,q) ; 

activewm,ouctile(v,£,q))) = active(m,q) ; 

active(m,openfile(s,f,x,y,q)) = active(m,q) ; 

active(m,closefile(f,q)) = active(m,q); 

if active(m,q) = false() then 
fetchm(offset(n,m),q) = undef; 

endif; 

if active(m,q) = false() then 
storem(offset(n,m),q) = undef; 

endif; 

nec (a i ntol(n2)) = true() 

then 


Sreeetim,oLtset (nl ,startmemacdar ( 
falloc(n27q)) jo = 
offset ( 
sumsmetcpnopnli i 
startmemaddr(lalloc(n2,q) ) 
fe 


else 
offset(n,offset(nl,startmemaddr(lalloc(n2,q)) )) = 
undef; 
Iina Aa eronat) mM SeS M; 


if whattype(fetchm(indir(n,m),g)) = typememaddr() 
then 
nmusmMicueenatin) un) = atomormemaddr ( 
Ferehm(indieg(n,m),q)); 


else 

ai sucocnatíin),m) = undef; 
endif; 
openfile(s,f,n,openfile(s,f,m,x,q)) = undef; 
closefile(f,openfile(s,f,n,x,q)) = q; 
EE EE Ee Eet 
Eeer = undef; 
infile(f£f,openfile(s,f£,wmode(),x,q)) = undef; 
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outfile(v,f,srxnitamo HT 
outfile(v,f,close(f,q)) = undef; 
outfile(v,f£,o0penfile(s;£7umede (x) — E 
outfile(f,openfile(s,f,m,chardata(),q)) = undef; 


read (qu, initg(qu,q) ) 
delete(qu,initam() ) 


delete (qu,write(v,qu,initgq(qu,q) ) ) 
read (qu,write(v,qu, initq(qu,qd) )) 


delete (write (v,qu,initq())) 
delete (write(v,qu,q)) 


if noc DH EU 
then 


read(gu,write(v,gu,g)) 


endif; 
active(m,initg(a 
active(m,write(v 


active(m,delete(a,g)) 
active(m,open(s,d,g)) 


active(m,close(s 


end extend; 
end amstate; 


spec displaywindow 
is 
extend 
rectangle 
dregaddress 
with 
primitive 
Op 
dwin: 
axiom 
xdimrct (dwin(a) ) 
ydimrct (dwin (a) ) 
origin (dwin (a) ) 
end extend; 
end displaywindow; 


dregaddr > 


/* database part */ 
/* qu: queue $4 


E 


undef; 
undef; 


state */ 


NV" 
= V; 
dit tee: 
write(v,qu,delete(qu,q)); 
= true() 


read(qu,q) ; 


active(m,g); 
active(m,g); 
active (m og): 

active(m,q); 


Ju. Ee 


Sep 
a q) 


string charm 


rar ace 
/* d: database */ 
/* database part */ 
Lot” 


[DISPLAYSIZE] succint (zeroint()); 
[DISPLAYSIZE]succint(zeroin “FT 
atomotpDn—u Ee mdwan | ca 
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spec am 
is 
extend 
memaddress, 
instructiontype, 
typing, 
amstate 
with 
primitive 
Op 
/ k kk k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k 
* prog - AM execution 
* corecursive - calls xeq 
ay 
prog: memaddr,state > state; 
hidden 
Op 
/ k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k 
* cond - implements conditionals 
* returns one of two input memaddrs 
based on bool value 
d 
cond: val,memaddr,memaddr +> memaddr; 
f R*Wkxk Ak Ax k k ko k ok kokckck ck ck kckokck ck ck ck kckock ck kX XX XK xk 
E o ueorccl5sivessunctron 
mc IS Prog 
a cc i O eU On 


E d 

xeq: instr,memaddr,state > state; 
axiom 

prog(a,q) = xeq(atomofinstr(fetchm(a,q),a,q)); 
condivalorteocol(true()),al az) = al; 
conmsusalotboolitalse()),al,;a2) = a2; 
Lea EE r), m, qg) = 

prog ( 

nextmemaddr(m), 


storer ( 


valofmemaddr (offset(i,atomofmemaddr ( 
rerclr (r g) ESSE 
I, 
q 
) 
E 
paca ipm T rm, gs 
prog ( 
nextmemaddr (m) , 
storer ( 
valofmemaddr(startmemaddr(lalloc(n,q)) ), 
I, 
storem( 
felchr(r CO 
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startmemaddr (lalloc(n,q) ,q) 
) 
) 


xeg(unlink(r),m,q) = 
prog ( 
nextmemaddr (m), 
lfree ( 
getmemid (atomofmemaddr (fetchr (r,q)) ), 
storer ( 
fetchm(atomofmemaddr (fetchr (r,q)),a), 
dU 
q 


) 
Ju 
xeg geu AS 
prog ( 
nextmemaddr (m), 
storer ( 
EE 
I, 
q 
) 
E 
xeq(setdwin(r,d),m,q) = 
prog ( 
nextmemaddr(m), | 
storedwin ( | 
fetch (r oe | 
e 
q 
) 
Mes 
xeg (getmtr(t, 1. mio) = 
prog 
nextmemaddr(m), 
storer ( 
fetehmenr (ie a 
I, 
q 
) 
IS 
EE m s 
Dog 
nextmemaddr (m), 
storemtr ( 
ferchr(r so ys 
| ss. 
q 
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xeq (monads(o,rl),m,q) = 
prog 
nextmemaddr (m), 
storer ( 
applymop ( 
O, 
Bemchrorli dq) 


E bt 
q 
) 
e 
xeg (monad(o,rl, r2), m, gq) = 
prog ( 
nextmemaddr (m), 
storer ( 
applymop ( 


O, 
mc I EC) 


dq s 
q 
) 
) ; | 
xeq (monadi(o,v,rl) ,m,q) 
prog ( 
nextmemaddr (m) , 
storer ( 
applymep (oe, vi, 
ge 
q 


) 
IR 
EE EE emgoen 
prog ( 
(nextmemaddr (m) , 
storer ( 
applydop ( 
O, 
fo chy rg M 
rfetchr ro g) 


L 2; 
q 
) 
E 
xeg(dyadsi(o,v,rl),m,g) - 
Ec 
nextmemaddr (m), 
storer ( 
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applydop ( 
O, 


V, 
he Celie ios lane) 


mdr. 
q 
) 
E 
xeq(dydacdie vl 52 rou E 
prog ( 
nextmemaddr (m), 
storer ( 
applydop ( 
O, 
recchr (r ls z 
fetchr(r2,q) 


Y 
q 
) 
y'u 
xeg (Gyaqi il sm aR 
prog ( 
nextmemaddr (m), 
storer( 
applydop( 
O, 


V, 
Ltetehr ome) 


EZ 
q 
) 
Js 
xeq(triads(o,rl,r2,re Mm E s 
prog ( 
nextmemaddr (m), 
storer ( 
applytop ( 
O, 
Ee cM 


eu chu 7 ce 
Leuchrcr3eg) 
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SW i dc O, Vv Er 2 Wc) 
Prog 
nextmemaddr (m), 
storer ( 
applytop ( 
O, 


V, 
Ot Chr (rl, cos, 
Lech Ur g) 


Es 
EE Eer — 
prog ( 
nextmemaddr(m), 
storer ( 
applytop ( 
O, 
petercrls 
iste Y 2. cd), 
Fetcrir (Sal 


WES 
keg(triadilo v r2 r M) 
prog ( 
nextmemaddr(m), 
storer( 
applytop( 
O, 
V, 
fepehporibdg) 
£esenr(r2,c) 


e 
Ee 0:253 557] ma) 
prog ( 
nextmemaddr (m), 
storer ( 


applygop( 


O, 

retenus 
fetch (eZ ce 
Pee Chis (irs, Gly 


- 
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fetchr (r4,q) 


Edo 
q 
) 
ys 
xeq(quad(io,rl,r2,r39r49 mm = 
prog ( 
nextmemaddr (m) , 
storer ( 
applyqop ( 
O, 
feucmomi c 
fet hr c 
fetelirir3, gq) 
fetchr (r4,q) 


Lë 
xeq(sexads)o,rlj5n20 m9 uu pomo S 
prog ( 
nextmemaddr (m), 
storer( 


applysop( 


O, 
reconr(rluq), 
tetobm Ed 
feucht rs c 
rtectchr(5nd 
tftetchr (r Sma 
£etchru Gw 


xeg(sexadio, Ll, r3,r4 5 m CE 
Prog 
nextmemaddr (m), 
storer ( 


applysop ( 


O, 

fer Chae 
fetchr 
fetchr 
tetcmE 
fetcn' 
fetchr 


a 
M CMM 
Y >c 
r4,q), 
Si 
Opa) 


PW a km, y ym A 
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MecOeceacoe, tt ,r2,15,14,ro,60,F!,68),m,q) = 
prog ( 
nextmemaddr (m), 
storer ( 


applyoop ( 


O, 
Eetchn dq 
[etse I 2b crus 
penses qu 
fetchr(r4,q), 
fetchr ( -" 
TGT 
dee T 
fetchr(rg,qg) 


“cu O 2 o, CAES, EOS, 7,190,159), ,m,0)= 
prog ( 
nextmemaddr (m) , 
storer ( 


applyoop ( 


O, 

fetchr ( ) 
fetchr(r2;,qg) 
fetchr (r a) 
fetchr(r4,q) 
met eh (i> qu 
fetchr(r6,q) 
fe bel (ig) 
Lobtohr (Fro) 


xeq(movi m(v,ml),m,q)- 
pod 
nextmemaddr (m), 
storem(v,ml,g) 
E 
xeq(movi pcr(v,i),m,q)- 
puso SÉ 
nextmemaddr (m), 
storem ( 
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Vy 
offset(i,m), 
q 
) 
IS 
xeq(movi r(v,r),m,q)- 
prog ( 
nextmemaddr(m), 
storem ( 
V, 
offset(i,m), 
q 
) 
y 
xeq(movi r(v,r),m,q)= 
prog (nextmemaddr (m) ,storer (v,r,q)); 
xeq(movi ri(v,r),m,q)- 
prog ( 
nextmemaddr(m), 
storem ( 
V, 
atomofmemaddr (fetchr(r,q)), 
q 
) 
IS 
xeq(movi rid(v,r,n),m,q)- 
pog 
nextmemaddr(m), 
storem ( 
V, 
offset ( 
n, 
atomofmemaddr (fetchr(r,q) ) 
kb 
q 
) 
| 
xeg neur rrgdn(vouserilu 20 Me 
prog ( 
nextmemaddr (m), 
storem ( 
V, 
offset ( 
2125 
Prag ( 
il, 
atomofmemaddr(fetchr(r,g)) 
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xeq(movi_d(v,r),m,q)= 
"E ow Store, au: 
xeq(mov m m(ml,m2),m,q)- 
prog 
nextmemaddr (m), 
storem( 
fetchm(ml, q), 
m2, 
q 
) 
IR 
CI (mov m r (mi, r) mp) = 
prog (nextmemaddr (m) ,s tons feceham (ml ,a) ,1,9)); 
xeq(mov m ri(ml,r),m,q)- 
po 
nextmemaddr(m), 
storem ( 
fetchm(ml,q), 
atomofmemaddr (fetchr (r,q)) 
e 
E 


xeq(mov m rid(m,l,r,n),m,q)- 


prog( 
nextmemaddr (m), 
storem( 
fetchm (ml Ben) , 
offset( 
n, 


atomofmemaddr(fetchr(r,g)) 


); 
q 


) 
E 
IHH Eeer 
prog 
nextmemaddr (m), 
storem( 
fEetchm mE g); 
offset ( 
le, 
a UU 
il; 
atomofmemaddr (fetchr (r,q)) 


) 
Jor 
xeg(mov pcr pcrí(il,i2),m,q)- 
prog 


Duos 


nextmemaddr (m), 
storem( 
fetchm(ofstset(o Re 
Oftfset(or2o0m m 
q 
) 
nc 
xeq(mov pcr r(i,r),m,q)- 
prog ( 
nextmemaddr(m), 
storer ( 
fetchm(offset(i,m),q), 
r; 
q 
) 
p 
xeq (mov pcr rzi(i,r sm — 
Prog) 
nextmemaddr(m) , 
storem ( 
fetchm(offset(i,m),g), 
atomofmemaddr(fetchr(r,g)), 
q 
) 
Yn 
xegimov per rìad(ilar im, a 
prog( | 
nextmemaddr (m), 
storem( 
fetchm(offset(il,m),q), 
offset ( | 
227 | 
atomofmemaddr (fetchr (r,q)) 


- — —- — - 


) 
d 


) 
y 
xeq (mov pcer'ridn( (il r in a = 
prog ( 
nextmemaddr (m), 
storem( 
tetchm(ottseties mS 
offset( 
i23 
indir ( 
n, 
atomofmemaddr (fetchr (r,q)) 


— 
"- 


D 


xeq(mov m d(ml,r),m,q)- 
prog (nextmemaddr (m) ,stored(fetchm(ml,q),r,q)); 
xeg(mov_r m(r,ml),m,g)- 
prog (nextmemaddr (m) ,storem(fetchr(r,q),ml,q)); 
e mo. pos das 
prog ( 
nextmemaddr (m) , 
storem ( 
BEECH Et eee 
offset(i,m), 
q 
) 
Ne 
xeg( moy y rrio qe 
prog (nextmemaddr(m) ,storer(fetchr(rl,g),r2,q)); 
xed (moy r rilrlr2);m,q)= 
prog ( 
nextmemaddr (m), 
storem( 
Leech (rl cc 
atomo fmemaddr (fetchr(r2,q)), 
q 
) 
e 


e MOV E£ ricis] ,r28m) mug - 


prog ( 
nextmemaddr(m) , 
storem ( 
Eeer 
offset( 
n, 


atomofmemaddr(fetchr(r2,g)) 
n 
q 


) 
JE 
Mech ett /a)= 
prog( 
nextmemaddr (m), 
storem( 
setos 
offset ( 
2 
SC Cer 
NN 
atomofmemaddr (fetchr (r2,q)) 
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xeq(mov_r_d(rl,r2) ,m,q)= 
prog (nextmemaddr(m) ,stored(fetchr(rl ,q) ,r2,q)08 
xeq(mov ri m)r,m1),m,q)- 


puo 
nextmemaddr (m), 
storem ( 
fetchm(atomofmemaddr(fetchr(r,q)),q), 
mn Ur 
q 


) 
IR 
xeq(mov ri pcr(r,i),m,q)- 
prog ( 
nextmemaddr(m), 
storem ( 
fetchm(atomofmemaddr(fetchr(r,q)),q), 
offset(i,m), 
q 
) 
15 


xeq(mov_ri,r(rl,rq)m,q) = 


prog ( 
nextmemaddr (m), 
storer( 
fetchm(atomofmemaddr(fetchr(rl,q)) ), 
EZ 
q 


) 
IER 
xeq (MOV ric rilrl, 22) eine) = 
prog ( 
nextmemaddr(m), 
storem ( 
fetchm(atomoftmemaddr (fetchr(cl,q) SU 
atomo fmemadar ( 
fetcnr(r2,q) 
ës 
q 


) 
E 


eq (mov ri rid)rl,r2 m ss s 


prog 
nextmemaddr (m), 
storem( 
fetchm(atomofmemaddr(fetcnhrirl,g)) rc 
offset( 
n 


atomofmemaddr(fetchr(r2,q)) 
lu 
q 
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COMO rO rr2,11,12)m,q)= 
Prog 
nextmemaddr (m), 
storem( 
fetchm(atomofmemaddr(fetchr(rl,q)),q), 
offset( 
12; 
indim 
d 
atomofmemaddr(fetchr(r2,q)) 


) 
yes 


zegd mov riari r2), mq)" 


prog ( 
nextmemaddr(m), 
stored ( 
fetchm(atomofmemaddr(fetchr(rl,q)) ), 
r 22 
q 


) 
Jis 
pM mov rudemitcpusmib). , m,q)- 
prog ( 
nextmemaddr(m), 
storem ( 
fetenm ( 
offset ( 
SR 
atomofmemaddr (fetchr (r,q)) 


i 
xcu tT 12),m,q)- 
prog 
nextmemaddr (m), 
St OTO ( l 
fetchm( 
offset( 
Sek 
atomofmemaddr (fetchr(r,q)) 
I 
q 
) y 
Gr iSset( (12 mos 
q 


25 


) 
E 
xeq (mov rid r (rili,mn ro pa Q 
prog ( 
nextmemaddr(m), 
storer( 
fetchm ( 
offset( 
n, 
atomofmemaddr (fetchr (r1,a)) 


ye 
xeq (mov rid ri(rl,1 B2 m sn 
POSI 
nextmemaddr (m), 
storem( 
fetchm( 
offset( 
l, 
atomofmemaddr (fetchr (r1,])) 
"m 
q 
JE 
atomofmemaddr(fetchr(r2,q)), 
q 
) 
I 
xeq (mov ridirrd (rip mr 


prog ( 
nextmemaddr(m), 
storem ( 
rerenm( 
offset ( 
qd 
atomofmemadar (fetchr (r1,a)) 
J; 
q 
D 
offset ( 
ER 


atomotmemaddpiietchr(127q)) 


— 
"am 


) ; 
xeq (mov rid ridn(rl,1!7 5208 OMM E 
prog( 
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nextmemaddr(m), 


storem ( 
fetchm ( 
offset ( 
L 
atomofmemaddr(fetchr(rl,g)) 
) , 
q 
E: 
offset( 
O 
indir 
Y 
atomofmemaddr (fetchr (r2,q)) 
) 
) 
q 


) 
Js 
xeq(mov rid d(rl,n,r2),m,q)- 
prog 
nextmemaddr (m), 
stored ( 
fetchm ( 
offset ( 
I | 
atomofmemaddr(fetchr(rl,q)) 


xeg(mov ridn m(r,n,i,ml) ,m,q)= 
prog ( 
nextmemaddr (m), 
storem ( 
fetchm ( 
offset ( 
1, 
dci ( 
n,atomofmemaddr(fetchr(r,q) ) 


) 


calmo ridn per (em, THE e 
prog ( ° 


25 


nextmemaddr (m) , 


storem ( 
fetchm ( 
rcc 
HE 
Indir, 
n, 
atomofmemaddr (fetchr (r,q)) 
) 
), 
q 


) 4 
offset (12m, s 
q 
) 
dee 
xeg (mov ridn r(rl,1i1l,12,52) M4 
prog ( 
nextmemaddr (m), 
storer( 
fetchm( 
offset( 
3329 
indigi 
Tl 
atomofmemaddr (fetchr(rl,q)) 


O = 


YG 
Y 
) q 
J: 
xeq (mov, ridn riri, ill i2 r Pm H 
prog ( 
nextmemaddr (m) , 
storem ( 
fetchm ( 
offset ( 
129 
indir 
DLS 
atomofmemaddr(fetchr (rl,q) ) 


), 


q 
m 
atomofmemadar ( 
Lecchr 4p 7a) 
py 
q 
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== 


“cm dn Yd nl, Ui 2, r2,13) ,m,a) 


prog( 
nextmemadar (m) , 
storem ( 
fetchm ( 
offset ( 
len, 
dal 
Ed 
atomofmemaddrí(fetchr(rl,q)) 
) 
jm 
q 
m 
offset ( 
O 


atomofmemaddr (fetchr(r2,q) ) 
ye 
q 


) 
fe 


EE EE E ffe Il e 


prog ( 
nextmemaddr (m) , 
storem ( 
fetchm ( 
offset ( 
os 
JOEY CIIM NN 
dil 
atomofmemaddr (fetchr(rl,q) ) 
) 
) 
q 
ye 
offset( 
i4, 
indir, 
Loe 
atomofmemaddr (fetchr (r2,q)) 
) 
(e 
q 


) 
Is 
hecho seran Ets 
prog 
nextmemaddr(m), 
stored ( 
fetchm ( 
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offset ( 
SE 
SE L 
qu 
atomofmemaddr (fetchr(rl,q) ) 
) 
E 
q 
hs 
L 25 
q 


IS 
xeq (mov d m rumi mao 
prog (nextmemaddr (m) ,storem(fetchd(r,q) ,ml,q)); 
xeq (mov_d pcr(r,i),m,q)= 
Prog. 
nextmemaddr(m), 
storem ( 
fecto p c 
Offset m) , 
q 
) 
n 


xeq(mov d rí(rl,r2),m,q)- 


prog (nextmemaddr (m) ,stcorer (fetchd(rl,q);r2 IBRD 


xeq (mov d 'ri(rl;r]) m e 
prog 
nextmemaddr(m), 
storem ( 
fetohd Ede) 
atomofmemaddr(fetchr(r2,q)), 
q 
) 
y 


xeq (mov d rid(rl, s271), mT 


prog ( 
nextmemaddr (m), 
stroem( 
fetcha risa z 
offset ( 
n, 


atomo fmemaddr (fetchr (r2,q)) 
e 
q 
) 
LS 
xeg(mov.d rientel, a UN C = 
prog 
nextmemaddr (m), 
storem ( 
PEtCha (elie 
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offset ( 
ae 
indir 
115 
atomofmemaddr (fetchr (r2,q)) 


— 
- 


) 
y 
xeq(mov d d(rl,r2) ,m,q)= 
prog (nextmemaddr(m) ,stored(fetchd(rl,q) ,r2,q)); 
xeq(push_i(v,s) ,m,q)= 
prog (nextmemaddr(m) ,pushstk(v,s,q)); 
“a pun gc (Sm a) — 
prog( 
nextmemaddr (m), 
pushstk( 
fetchm(offset(i,m),q), 
S, 
q 
) 
IS 
xeq (push r(r,s) ,m,q)= 
prog (nextmemaddr (m),pushstk(fetchr(r,q)s,q)); 
EE EE EE S) mo = 
prog ( 
nextmemaddr (m), 
pushstk ( 
fetchm(atomofmemaddr(fetchr(r,q)),q), 
Sy 
q 
) 
Le 
xeq (push rid(r,n,s),m,q)= 
prog ( 
nextmemaddr (m), 
pushstk( 
Term 
offset ( 
n, 
abomemmemadan(fetchr(r,q) >} 


) ; 
xeg(push ridn(r,il,i2,s),m,g)- 


SR 
nextmemadar (m) , 


Zo. 


pushstk ( 


fetchm ( 
offset ( 
NW 
indiri 
Ii, 
atomofmemaddr(fetchr(r,q)) 
) 
| 
q 
| 
S, 
q 


je 
xeq (push d(r,s),m,q)= 
prog (nextmemaddr(m) ,pushstk (fetchd(r,q),s,q)); 
xeq (pop x(s) ,m,q)= l 
prog (nextmemaddr(m) ,popstk(s,q)); 
xeq(pop m(s,ml) ,m,q)= 
prod 
nextmemaddr(m), 
popstk ( 
S, 
storem( 
topstkK (Sql 
mE, 
q 


) 
n 
xeg (pop peer(s, 4) 0747 — 
prog 
nextmemaddr(m), 
popstk ( 
S; 
storem( 
tops toa), 
offset(i,m), 
q 


) 
n 
REQ (p@p r Sur) sm s) = 
prog 
nextmemadarím), 
popstk ( 
S, 
storer ( 
topstkts, qi. 
r, 
q 


2 


) 
Jus 
Sequyeemari(s,r) ,m,q) = 
prog ( 
nextmemaddr (m), 
popstk ( 
S, 
storem ( 
topstk(s,q), 
atomofmemaddr (fetchr (r,q)), 
q 


) 
J; 
me NEE 
prog ( 
nextmemaddr (m) , 
popstk ( 
S, 
storem( 
POD oe isq), 
offset ( 
n, 
atomofmemaddr (fetchr (r,q)) 
) , 
q 


) 
E 
ze Poper idn(S, E, il, l2) 1049) = 
prog ( 
nextmemaddr (m), 
popstk( 
S, 
storem( 
Goes US 
offset( 
ee 
ML 
Diz 
atomofmemaddr(fetchr(r,q)) 


jas 
xeq(pop d(s,r),m,q)- 
prog( 
nextmemaddr (m), 
popstk ( 
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S, 

stored ( 
topstk(s,q), 
Cy 
q 





) 
ee 


xeq(nop,m,q) = prog(nextmemaddr (m) ,q) ; 


) 
xeq(stop,m,q) = prog(m,q) = q; 
xeq (gmp (mi) 7m, PAP a) 
xeg(jmp i(ml),m,g) = prog latomofmemaddr (fetchm(ml ,q)) MN 
xeq(jmp zc q) = prog(atomofmemaddr(fetchr(r,;q)) 90m | 


xeq (bra (n) ,m,q) prog(offset(n,nextmemaddr (m)),q); 
xed (Dran: m, ES —> prog(offset(atomofint(fetchr(r,G 
nextmemaddr(m)),q); 
xeq (if (o, rl; r2; m 
prog ( 
condi 
applyrop( 


O, 
fetchr(rl,q), 
£f£etchr(r2 g > 
nE 
nextmemaddr (m) 
or 
q 
ns 
xed EL OE mi me = 
prog 
cond 
apply ropi 
O, 
Foto ee 
M 
1 
mi; 
nextmemaddr (m) 
jm 
q 
De 
xeg((i£tet(o,r Llr m1.m2)5 0905 
proci 
condal 
applyrop ( 


O, 
berchir E 
FetchrtrZ ay 

^ 

mE 

m2 
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) , 


q 
E 


EE, m qg)= 


prog 
condi 
applyrop ( 
O, 
fetchr (Trd) 
V 
lic 
ml, 
m2 
MW 
q 
Ja 
CMS o, Ll, 240). m9) = 
prog ( 
Condi 
applyrop ( 
O, 
fetchr (rl,q) 
fetchrí r2; 
H 
offset(n,nextmemaddr(m)), 
nextmemaddr (m) 
dy 
q 
E: 
SSL EE a a S 
Prog 
cond ( 
applyrop ( 
O, 
fetcnr (r 9); 
u 
y, 
offset (n,nextmemaddr (m)), 
nrxtmemaddr (m) 
) ; 
q 
Y 
xed iTe ec Lum) 
DEO 
Gomer 
applyrop ( 
O, 


Tere hi tia 
Letchr (er 2a) 
e 


offset(il,nextmemaddr(m)), 


265 


offset(i2,nextmemaddr (m) ) 
), 
q 
J; 
xeq(iftei pcr(o,r v EE 
prog ( 
Gon 
applyrop ( 


O, 
Foro (E 46 , 
V 


F 
offset(il,nextmemaddr (m) 
offset(i2,nextmemaddr (m) 
Y 
q 
E 
xeq (test (o, rl, mi) mg) 
prios 
cond( 
appl ybop(0, Fetch ea ia), 
Indus 
nextmemaddr (m) 
) ; 
q 
E: 
xeq(testm(o,m2,m1),m,q)- 
progt 
Condi 
applybop (O; fet Clim i m2 c NP 
Inde 
nextmemaddr (m) 
Du 
q 
IS 
xeq (teste(o,rl,ml;m2) mM S 
prog(cond(applybop(o,£etch(rl,g)) ml mo c EE 
xeq(testme(o,m3,ml,m2) ,m,q)- 
prog (cond (applybop(e,fetehm(m3 ,q)) ,ml7m2) yam 
Xeg(test por(O, I — 


I 
) 


prog ( 

Coma 
applybopio,fetchrsc a 
offset(n,nextmemaddr(m)), 
nextmemaddr (m); 

) 

q 

E 
xeg (tesm pcr(o,m2 Mes 
Progi 
CONA 


appl ybDop (o, -eeechm (m2, 4) ), 
offset(n,nextmemaddr(m)), 
nextmemaddr (m) 
n. 
q 
ZE 
cem teste pcr (orri 2) We) — 
prog ( 
conce 
cuo Sao oreste cuidada descr) 
offset(il,nextmemaddr(m)), 
offset(i2,nextmemaddr (m) ) 
) > 
q 
Ju 
Keq\eCsem= peu (o,lzZ2,21,12—m,cq) = 
prog | 
cond ( 
applybop (o, ,fetchmim3,q)), 
offset(il,nextmemaddr(m)), 
offset(i2,nextmemaddr (m) ) 
ës 
q 
y 
pom s).m,q)s 
prog (ml,pushstk (valofmemaddr (nextmemaddr(m)),s,q)); 
A SS 
presi 
atomofmemaddr(fetchm(ml,g)), 
pushstk (valofmemaddr (nextmemaddr(m)) ,s,q) 
ES 
SC EY Sm ag) — 
prog 
atomofmemaddr(fetchr(r,q)), 
pushstk(valofmemaddr(nextmemaddr(m)),s,q) 
Jat 


xeg(bsr (ns) mig)= 


prog ( 
offset(n,nextmemaddr(m)), 
pushstk (valofmemaddr (nextmemaddr (m) ) ,s,a) 


IK 
IE ,m,g)= 
prog ( 
offset ( 
atvom@iint( fetch (r,q))., 
nextmemaddr (m) 


pushstk (valofmemaddr (nextmemaddr (m) ) ,s,q) 
) i 
xeg(rts s,m,q)= 
prog (atmoofmemaddr (topstk(s,q)),popstk(s,q)); 
xeg (open(s) ,m,q)= 
prog ( 
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nextmemaddr(m), 
openfile( 
atomofstr,char(topstk(s,popstk(s,popn uwa 
(5,pOpstk(s¢a) Pp R p 
atomoffile(topstk(s,popstk(s,popstk(s,q)) TM 
atomofine( topstk (s,pepeec sc. 1. 
atomofint (topstkts T m 
popstk(s ef, 
) 
E: 
xeq (close (s) ,m,q)= 
prog. 
nextmemaddr(m), 
closefile( 
atomoffille(tonstkis cc 
popstk(s,q) 


es 
xeq (read(s) ,m,q)= 
prog ( 
nextmemaddr (m), 
storem( 
infile ( 
atomoffile(topstk(s,popstk(s,q)) ), 
popstk(s,g) 
dy 
atomofmemaddr (topstk(s,q)), 
popstk(s,g) 
) 
) ; 


xeq(write(s),m,q)- 


prog 
nextmemaddr (m) , 
outfile( 
fetchm( 
atomofmemaddr(topstk(s,popstk(s,q)) ), 
popstk(s,q) 
) 
atomoffile(topstk(s,q)), 
popstk(s,q) 
Mb 
xeq (write (wem /* database part */ 


prog (nextmemaddr (m) ,write(v,qu,q)); 
xeq (write m(ml,qu) ,m,q)= 

prog (nextmemaddr (m) ,write(fetchm(ml,q),qu,q)); 
x<eq( (write rí(r qu no _ 

prog (nextmemaddr (mg@iwri tel fetcnrir G PD n pp 
xeq (delete ix (eam, a) — 

prog (nextmemaddr (m) ,delete(qu,q)); 
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Hequcclete mm (qu,ml),m,q) = 
prog ( 
nextmemaddr(m), 
delete ( 
qu, 
storem( 
Tess cce 
Du 
q 
) 
es, 
eG EE 
Io 
nextmemaddr (m), 
delete( 
qu, 
storer ( 
read (qu,q), 
r, 
q 


) 
Is 
xeq (open(s) ,m,q)= 
prog ( 
nextmemaddr(m), 
open( ` 
atomofstr.char(vl), 
atomofdb (v2) 
) 
n 
xeq(close(s),m,q)- 
prog ( 
nextmemaddr (m) , 
close ( 
atomotstr.:Gmar (ul), 
atomofdb (v2) 


E /* database part */ 


end extend; 
end am; 
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APPENDTA EC 


A SIMPLE ASSEMBLER FOR AM 


EE Intcroducc cn 


This document is adapted from Yurchak [Ref. 2], Appendix 
C, and constitutes the reference manual for both version 2.0- 
Z100, developed by Hunter [Ref. 3], and the latest modification 
towards version 3.0. It provides a comprehensive description 
of the syntax and semantics of the assembler as well as a 
description of the salient features of the AM machine and a 
definition of the opcodes executed by AM. 


AMASM is an assembler which generates a relocatable load 
module for the abstract machine interpreter AM. It is to the 
extent possible written in portable C. The parser and scanner 
were produced using the Unix YACC and LEX utilities. The 
output from these utilities require several patches to allow 
compilation on the Z100 using Lattice 'C.' Readers desiring 
to port the code to other machines may have to make slight 
changes to "defines." In this implementation, longs are 
assumed to occupy 32 bits, both int and short - 16 brts NEED 
char - 8 unsigned bits. NOte: if the int size changes, then 
the infile and outfile functions in amstate.c must be changed. 


The input svntax of AMASM is similar to that of other 
assemblers. It supports symbolic addresses and constants and 
a typical set of directives, but has no macro capabilities. 
The assembler accepts an ASCII source file created on a con- 
ventional text editor and produces an output file containing 
relocation information and AM opcodes. Invoking AM causes the 
Output file "a.am" to be loaded and executed. 


2. Differences from Version 1.0 


Since it was our intention to primarily specify and des- 
Cribe the abstraction of a database resource, the assembler 
part for AM was considered to be of less importance for this 
thesis. Due to the limited time the adaption of AMASM to the 
database requirements is still incomplete, only some examples 
are given which indicate a way of how to integrate this latest 
resource. Thus, for instance, although the read/write com- 
mands for the queue were developed, the method of actually 
retrieving objects from the queue has not yet been defined. 
The same is true for the database itself, where the only 
commands described are those for opening and closing the 
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database, while the other operations were left undefined for 
the above reasons. So, in fact, AM (version 3.0) represents 
only a partial extension of AM (version 2.0-Z100). 


3. Usade 


AMASM is invoked with the following command line syntax: 
asis file 


AMASM produces a single load module "a.am," which forms the 
input to the AM loader. The optional "-t" switch sends a de- 


bugging trace to "stdout," the "-x" switch provides an extended 
version of the trace, and the "-s" switch provides trace of 

the recognized scanner tokens. The optional "-1" switch gener- 
ates the listing and cross-reference file "a.x."  Appended to 


this file is a hex dump of "a.am." 


EE Lexical Conventions 


Assembler tokens include identifiers (alternatively, 
"symbols" or "names"), literal constants, operators and delimiters. 


me Tdentlfiers 


Legal identifiers are described by the following regular 
expression: 


[A-Za-zl[A-Za-z0-9]* 


Mlemtitiers consist of a letter or underline " “© followed by a 
string of zero or more letters, decimal digits and underlines. 
Upper and lower case are distinct. Identifiers may represent 


symbolic constants, instruction mnemonics, labels, addresses 
and type names. 


4.2. Operators 


The following are considered to be operators: 
—— c «zx > >= 
+ — * / & & | 


The meaning of the above symbols varies with context. 


4.3. Literal Constants 


Decimal and hexadecimal constants are described by the 
following regular expressions respectively: 


[-+] [0-9]+| [0-9]+ 
S[0-9A-Fa-f]+ 


Zk 


Decimal constants consist of an optional sign followed immedi- 
ately by one or more decimal digits. Hexadecimal constants 
consist of the character "$" followed immediately by a string 
of one or more decimal digits and upper or lower case letters 
"A"through "F." Numeric constants may represent addresses, 
integer and natural numbers, boolean and character values. 

Character constants consist of a single quote ’ , followed 
either by an ASCII character, that is not a carriage return/ 
linefeed or a numeric constant, followed by a closing single 
CLO 


String constants consist of a string Of zero or more ASCII 
characters (except carriage return/linefeed) enclosed in double 
guotes. 


4.4. Blanks 


Blanks and tabs are ignored by the assembler except where 
required to separate adjacent constants or identifiers. 


4.5. Comments 

The character ";" produces a comment. The assembler ignores 
all further characters on the line up to the terminating 
carriage return/linefeed. 


4.6: Delimiters 


All other characters found in the input stream are treated 
as delimiters. 


5e Statements 


A source program is composed of a sequence of statements, 
one statement per line. There are 3 kinds of statements: 
directives, instructions and null. 


Instructions and null statements may be preceded by a label. 
Directives may (in some cases, must) he preceded by an 
identifier. 


5.1. Labels & Tdentifiers 

A label consists of an identifier followed bv a colon ":" 
When the assembler encounters a label, the effect is to assign 
the current value of the location counter to the name. 


An identifier preceding a directive is assigned a value 
whose type depends upon the directive. For instance, the equate 


directive assigns a typed value to an identifier, while the 
define storage directive assigns the current value of the 
Vocation counter. 


Neither labels nor identifiers may be redefined within 
a Single source file. 


5.2. Null Statements 


A null statement is an empty statement. Although ignored 
the assembler, null statements may be preceded by a label. 


5.3. Directive Statements 


A directive is a command to the assembler to perform some 
sort of operation which does not involve emitting an executable 
instruction. Typical directives (also known as "pseudo ops" 
or "pseudo instructions") allocate storage for variables, make 
names within the current module visible to other modules and 
set the location counter. Directives also produce instructions 
ehe AM linker and loader. ` 


Directives consist of a keyword followed by zero or more 
arguments, depending upon the context. Directives and their 
syntax are described in more detail in Section 12. 


BETA. instruction Statements 


Instruction statements produce the code which is ultimately 
executed by AM. An instruction may be preceded by a label, 
and consists of a keyword followed by zero or more arguments, 
depending upon context. 


The AM instruction set and its syntax will be described in 
detail in Section 14. 


6. The Machine 


Because AM differs from conventional machines in a number 
of important ways, some discussion 1s necessary before intro- 
ducing the instruction set. Outwardly similar to a number of 
well-known examples, AM instructions form an unconventional 
set of primitive operations which implement a formally speci- 
fied semantics. The reasons for this are described below. 


AM uses a tagged architecture. Thus, each data element 
contains, within it, information which uniguely identifies a 
finite set of legal operations which may be performed upon it, 
as well as a range of legal values it may take on. This set 
of operations and values is known formally as a data type. 

AM supports a number of data types. An element of a particular 
data type will be referred to throughout the rest of this manual 
as an atom. 
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AM physical resources are partitioned into segments. There 
are several types of segments, and these together form a con- 
ventional overall model of the familiar stored program computer. 
There are memory segments (primary storage), register seg- 
ments (high-speed memory), display register segments (bit- 
mapped display memory), stacks, a queue, a monitor (display 
terminal attributes) and file segments (secondary storage). 
Segments are further partitioned into discrete, addressable 
elements (alternatively, "cells") which will contain atoms 
during the execution of a program. These elements will be 
referred to repeatedly as typed values. The reason for the 
distinction between atoms and values will become more clear 
shortly. 


AM is the finite implementation of a formal specification. 
As such, data elements and the operations which can be applied 
to them must reflect a mathematical consistency not required 
by conventional architectures. Since all operations which 
affect the state of the machine must be able to "communicate" 
with each other during the execution ot a AM program, (no emus 
do so uSing a common object. This object is a value. The 
memory, registers, display registers, stack, queue, and files 
all hold values. Store, fetch, execute, read, write--any 
operations which change the state of the machine--all operate 
on values (1.e.,storage cells). All other operations, such as 
"add," "multiply; “and,” and “or,” work on atoms. Atoms 
operations in AM correspond to those which take place in the 
temporary registers of the arithmetic and logic unit of a con- 
ventional processor. 


6.1 Configura ron 


A unique feature of AM is the ease with which it is possible 
to reconfigure the machine by partitioning the physical resources 


in different ways. A typical configuration would be something 
like this: 
2 memory segments 
l register segment (with a useful number of registers) 
1 display register segment (with one or two registers) 
l stack | 
l queue 
l monitor (only one is permitted) | 
l database (one or more are possible) 


16 files 


The configuration chosen should provide a good indication of 
the types of programs AM is intended to execute. 


Note that, in conventional machines, stacks are implemented: 
in primary storage. This constitutes an overloading of data 
structures which obscures the intent of the user of these 
structures. It also creates a semantic nightmare for the 
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specification writer. In AM, stacks and queue take their 
rightful places as separate entities with easy to understand 
properties. 


In addition to the resources listed above, AM has a con- 
ventional program counter. 


"1. Memory 


AM memory is partitioned into segments which may be of un- 
egual but fixed length. A program and its data will reside 
in memory segments. It is not necessarv that code and data 
share the same segment, nor is it reguired that code and data 
be contiguous. The loader will determine from the origin 
directive where to load code and data values. 


The AM heap is implemented as a set of operations which 
allocate and deallocate memory segments. 


AM has a rich set of addressing modes which interact with 
a powerful move instruction which allows the programmer to 
move a value from "anywhere to anywhere." 


6l.2. Registers 


AM registers form the high-speed storage into which oper- 
ands are placed. 


All atomic operations, such as add, divide and poffst, 
require operands to be in registers. Form operations are an 
exception. Their operands may be in either a register or a 
display register. 


6.1.3. Display Registers 


The form is the atomic data type that represents an image. 
Like any other atomic data type, it may be placed in any memory, 
register, stack or file cell. A form can not be "viewed" by 
the monitor unless it is in a display register. 


Display registers may only contain form values. Each dis- 
play register has its own window which is fixed in size but 
with a variable origin. The display window determines what part 
of the form is "viewed" by the monitor. 


In general,display registers may be partitioned into multi- 
ple segments. However, the hardware on most machines will only 
support one segment of one or two registers. A segment of 
two display registers is equivalent to the idea of a "front" 
and "back" plane. 


NO 
~J 
Cn 


6.1.2 eon ene 


The monitor represents a set of terminal attributes which 
are part of the "state of the machine." The attributes: 
vertical and horizontal number of pixels, vertical and hori- 
zontal screen dimensions, intensity capability and color planes 
are fixed for any terminal. The background color and display 
register selection attributes are programmable. 


6.155. “Stack 


The AM stack is conventional in every respect except that 
it is impossible to access any value except the top. Thus, 
frames are implemented on the heap, not the stack. 


AM has a typical set of push and pop instructions for 
operating on stacks. 


6.1.62 soles 


Input/output is implemented rather arbitrarily alona the 
lines of system calls to an operating svstem and should not be 
Considered pare of AMEStseTS 


Instructions are provided to open, close, read to and write 
from a file. 


6.1.7. Queue 


Primarily, the queue acts as a buffer for 'objects' being 
retrieved from the database during a select operation. It is 
implemented in the same way as the stack to prevent the access- 
ing of any value except the one residing in the front position. 
This method ensures that the order of the values defining an 
object will be kept. 


A set of write and read instructions is provided for 
Operating on the queue. 


6-1.3- Database 


The database consists of two major parts: the data repre- 
senting the information and a set of commands to perform the 
defined operations on it. These commands can only be as m | 
to data that have explicitly been specified as a database and 
meet its structural requirements. In principle, the data meda 
to be arranged as ordered pairs of lists. For database opera- 
tions all resources of AM may be used, with exception of the 
display registers and the monitor. 


Instructions are provided to open and close the database. 
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REH Atoms 


An atom is a component of a data type. 


The assembler 


recognizes the following type of atoms: 


file address 
pidlist 
pidsetlist 
vallist 
valsetlist 
proplist 
propsetlist 
pvallist 
pvalsetlist 
objlist 
classlist 
dblist 
qaddress 


As operands to instruction mnemonics, 


these atoms form the 


familiar set of literal and symbolic constants found in typi- 


cal assembly language programs. 


With certain exceptions, atoms may appear in the form of 


irceral constants: 


100 

Sf T 

ra! 

ABRES 1s a string atom" 


They may also appear as symbols which take on the value of the 


atom in some other part of the source program. 
anywhere a literal constant may be used, 


tions, 


With few excep- 
a symbolic 


constant of the appropriate tvpe may also be used. 


The assembler distinguishes between types of atoms using 


syntax and context. 


1. Boolean 


A boolean atom has only two values, 


The syntax is described below. 


true and false. These 


values are represented to the assembler by the decimal or 


hexadecimal constants for l and 0, 


0 
I 
$1 
$0 


are legal boolean atoms. 


Ee, Natural 


This type represents as the name implies, 


signed) numbers. 


ET 


respectively. 


the natural (un- 


Legal values range from zero to positive 


- 


infinity. Natural numbers are represented to the assembler as 
decimal or hexadecimal constants whose values are greater than 
Or equal roz To; 


U 
D: 
240 


are legal natural atoms. 
ad.  Intecer 


Integers range from negative to positive infinity, and are 


specified as hexadecimal or signed or unsigned decimal constants. 


-250 

0 
Sed67f 
+10 


are legal integer atoms. 
7.4. Character 


Character atoms may take values defined by the ASCII 
character set. They are represented to the assembler as literal 
character constants. 


Kern 
are legal character atoms. 
la E'n] 


String atoms are composed of zero or more concatenated ACIII 
characters. They are specified as literal strings. 


"thisis a legal string atom" 


are both legal string atoms. 


SE 


An intensity atom ranges from 0 to 199 decimal ni DP 
reoresented as a unsigned decimal or hexadecimal constant pre- 
ceded with the character "&." "@" represents the null intensity 
which is used to construct the null! 

&@ 

&0 

&89 

&199 


are legal intensity atoms. 
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EST, color 


A color atom is a composite of a red, green and blue inten- 
sity. It is represented as an ordered triple of unsigned 
decimal or hexadecimal constants separated by commas ",", 
enclosed within parenthese "("")" and preceded with "&". The 
nullcolor provides the concept of background and transparency. 
It is represented as the "@" enclosed within parentheses and 
preceded with "&". 


Ska, DS) 
07070, 190) 
E (a 


are legal color atoms. 
UNS Point 


Points are composed of integer pairs. The x and y coor- 
dinates correspond to the first and second integers respec- 
tively. Increasing integer values represents positions 
shifted right and up. A point is represented as an ordered 
pair of decimal or hexadecimal constants separated by a 
comma ","and enclosed within parentheses "("")", 


(0,0) 

(4,1047) 

oe) 
AO 7, 298399 ) 


are legal point atoms. 
7.9. Rectangles 


Rectangles are composed of a pair of points which repre- 


sent the opposing corners. A rectangle is represented as an 
unordered pair of points separated by a colon ":" and enclosed 
within square brackets "[""]". 

O, 0) > (O, O] 


me O) : (50,45) ] 
me 45)5(0,0) 
MO, 200000) > (30,59) ] 


are legal rectangle atoms. 


IU. Form d 

A form atom is a composite structure. It has a two dimen- 
sional size and a color map which is an array of colors with 
each color corresponding to a point in its area. The form 
atom has no literal constant representation. It 1S created 
using the operator, newfrm, and modified using other operators. 
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J oleae we One 


A font atom is an array of forms. The font atom nasmma 
literal constant representation. It is constructed from the 
operator, newfnt, and modified using other operators. 


Tol2 pt» hl 

A ptblt atom is a composite of three rectangles and a 
natural which represents a copy rule. The ptblt atom has no 
literal constant representation. It is constructed from the 


operator, newblt, and is modified using other operators. 


7.13. Memory Address 


Memory address atoms consist of two components: a segment 
address,and an element address. Memory addresses are repre- 
sented as an ordered pair of unsigned decimal or hexadecimal 
constants, separated by a colon ":" and enclosed within 
parentheses "("")". 

(0:100) 
represents memory segment 0, element 100. 

(2:910) 


represents segment 2, element 16. 


Segment and element addresses start at 0. The number and 
size of available memory segments depends upon the current 
configuration of AM. 


Labels are considered memory address atoms, as are names 
which appear to the left of the define storage and define 
constant directives. 


7.14. Register Address 


Register address atoms have a syntax identical to that of 
memory addresses except that a lower case "r" is prepended to 
the address. 


T gs) 
refers to register segment 0, register 3. 

Segment and element addresses start, as with memory addresses, 
at 0. The number of register segments, and the number of 


registers within each segment, varies as determined by the 
Current AM configura Ton: 


7.15. Display Register Address 


Display register address atoms have a syntax identical to 
that of register addresses except that the lower case "r" is 
replaced with a. lower case ‘cue 
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ai Om 


refers to display register segment 0, register l. 


Segment and element addresses start at 0. The number of 
display register segments, and the number of display registers 
Within each segment, varies as determined by the current AM 
EE er rar EL en, 


Pero. Monitor Attribute 


The monitor consists of eight attributes values which are: 


x--represents number of horizontal pixels (natural) 
y--represents number of vertical pixels (natural) 
v--represents screen height in inches (natural) 
h--represents screen width in inches (natural) 
i--represents intensity capability (natural) 
C--represents number of color planes (natural) 
Rcurrenmt Baekgrouna color (color) 
d--selected display register to view 

(display register address) 


A monitor attribute is represented by a dash "-" followed by 
one of the above characters for the indicated attribute. 

-X 

EY 

ED 


are all lecal monitor attribute atoms. 
7.17. Stack Address 


A stack address has only one component: the segment address. 
Stack addresses are specified by prepending a lower case "s" 
to an unsigned decimal or hexadecimal constant enclosed within 
parentheses. 


s (2) 
refers to stack segment 2. 


Stack addresses begin at 0. The number of stacks depends 
upon AM's configuration. 


7.18. File Addresses 


File address atoms may not appear in a program except within 
typed values. File address atoms are represented as unsigned 
integer or hexadecimal constants. 


‘Pile addresses start at 0. The number of files which may 
be open at one time is determined by the current AM configura- 
tion. The first three file addresses (0,1,2) are normally 
opened automatically by AM when a program is loaded. 
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7.19. Pidlist 


Pidlist atoms are composed of one or more concatenated 
ASCII characters and form single strings that must not be 
empty. They are surrounded by angle brackets. 


<name> 
‘cae 
<arade ms 


are all legal pidlist atoms. 
7.20. Pidsetlist 


This tvpe represents a number of zero or more pidlists, 
separated by commas "," and enclosed within a set of angle 
brackets. 


<name, age, grade> 
SEH 


are both legal pidsetlist atoms. 
Pc be Vallist 


Vallists are represented like pidlists as strings of one 
or more concatenated ASCII characters. Type distinctie WW 
made in accordance with the context in which they appear. 
Arithmetic operations on vallist atoms are not possible since 
they are treated as characters. 

Spo 

<A> 


are legal vallist atoms. 
7.22. Valsetlist 


Analogous to the pidsetlist, valsetlist atoms are composed 
of zero or more vallists, separated by commas "," and enclosed 
within a set of angle brackets. Since a valsetlist atom is 
actually used to define a certain domain of values, it most 
likely will be of the following form: 


LADD, bb 

SA DE DE 
«Monterey, san Diego> 
< > 


Dut 
«John,Cindy,Monterey» 


would also be a legal valsetlist atom. 
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fees. Proplist 


Proplists are composed of ordered pairs that consist of a 
pidlist and a valsetlist, additionally enclosed within angle 
brackets and separated by a comma ",". 


< <name>,<John,Cindy,Mark> > 
E radeo^,«A,AÀA-,Bt^ > 


are legal provlist atoms. 
7.24. Propsetlist 


Propsetlist atoms are represented by zero or more prop- 
lists, additionally enclosed within angle brackets and separated 
commas ", . Since a proplist consists of the ordered pair 
pidlist and valsetlist, a propsetlist atom also contains a 
number of ordered pairs. 


EC -name,«John,Cindy,Mary^? >, 
ae 2010, 3017,65 > > 


1s a legal propsetlist atom. 
feo. Pvallist 


This type is composed of the ordered pair pidlist and 
vallist separated by a comma "," and additionally enclosed 
within angle brackets. 


< <name>,<John> > 
< <name>,<Cindy> > 
 age>,<l/> > 


are legal pvallist atoms. 
ES Pvalsetlist 


A pvalsetlist atom consists of zero or more pvallists, 
" " 


separated by commas "," and additionally enclosed within angle 
brackets. It is arranged as a number of ordered pairs. 


<< <name>,<John> >,< <age>,<25> >, < <city> <Monterey> > > 
<< 


are both legal pvalsetlist atoms. 
R 2 Obilist 


Objlists are composed of zero or more different pvallists 
and can be considered as particular pvalsetlists. An objlist 
consists of a number of ordered pairs that like a pvalsetlist, 
are enclosedwithin an additional set of angle brackets and 
Separated by commas ",". It can be empty, although this would 
not be meaningful. 


NS 


< « xnamecsseJolm qu | 
e < <name>,<Cindv> >,< <sex>,<female> >,< <age>,-20 Wa 
<< 


are legal objlist atoms. 
7.28 cc le 


This type is represented by zero or more objlists, addi- 
tionally enclosed within angle brackets and separated by commas 
",". It is mandatory that all objlists belonging to the same 
classlist are equally structured. That is, their pidlist 
atoms must be identical. 


< < < «names «donum £ <age>,<25> 
< < <name> ,<Cindy> >; mage E 
< < <name>,<Paul > >,< <age>,<20> 


Vo Vey 
VV Vv 


is a legal classlist atom. 


Te 29r DHEISE 


The dblist is composed of zero or more classlists which 
are additionally enclosed within angle brackets and separated 
by commas ",". An objlist atom can only be contained in the 
dblist if it is part of a classlist that itself must be contained 
in the dblist. Since the structure is top-down, a pidlist not 
included in any classlist may be comprised in the dblist, but 
never the reverse. 


The following shows a legal dblist atom: 


< < < < <name>,<John> >,< <score au s P a. 
< < <name>,<Mary> >,< «Score Sc I 


<< < <course>,<Cs4600> >,< <room>,<l3> >,< <hours>,<4 M 


< <course>,<0R3333> >,< <room>,<42> >,< <hours>,<4'' MM 


< < <ID>p<ab> > est. 21 
< <ID>,<xv> > 74° est. 7-625. 
<ID>,<UwW> 9) 3 n 


The database structure is simple and can easily be disclosed. 
The first list of this structure always corresponds toe t'r 

first object class, while the first list of an object class 
equivalent to its first object. Then the first list orem 
object represents its first property value which itself contem 


the property id as first element and the corresponding value as 
its second. 


7.30.  Qaddress 


The only component of a queue address is the segment address. 
Queue addresses are specified by prepending a lower case "q" to 
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Don Sail Sia wasa 


an unSigned decimal or hexadecimal constant enclosed within 
parentheses. 


cade) 
refers to queue segment l. 


8. Typed Values 


Some of the atomic types may also appear as typed values 
in certain instructions and directives. A typed (immediate) 
value is represented as an ordered pair consisting of a key- 
word representing the type, and the atom itself, separated by 
a comma "," and enclosed within curly braces "{""}". 


Ieas 100) 
represents the integer value 100. 
maddr. (1:100) } 


represents memory address value (1:100). 


A list of the types which may be used as immediate values 
alongside the corresponding keywords appears below: 


bool--boolean 

nat--natural 

int--integer 

enap--character 
string--character string 
intens--intensity 

or color 

pnt--point 

rct--rectangle 

addr--memory address 
file--file address 
purst--property id list 
pEscriLStproperty idset rst 
ist value list 
valsetlist--valueset list 
proplist--property list 
propsetlist--propertyset list 
pvallist--propertyvalue list 
pvalsetlist--pbropertyvalueset list 
@ojlist—--ebject list 
classlist objectclass list 
dblist--database list 


Immediate values are used, as in conventional assembly languages, 
for loading constants into cells, initializing storage, pushing 
parameters to subroutines on the stack, and so on. 


A special syntax may be applied when expressing typed values 
for the define storage and define directives. The type 


B3 


keyword may be followed by a list of atoms of the appropriate 
type, separated by commas. 


(int, 25354, pore on 


shows an example of this. 


9. Expressions 


An expression may be substituted anywhere an integer or 
natural atom is called for. The expression must be a sequence 
of integer/natural atoms (and symbolic constants equated to 
integer/natural atoms) separated by operators and grouping 
svmbols which evaluates to an atom of the type called for 
where the expression is used. 


9.1. Expression Operators 


Legal operators are (in order of increasing precedence) : 


| - or 

& - and 

t- - addition and subtraction 

*/% - multiplication, division, and modulus 


= - unary minus 


Expressions may be grouped using parentheses "("")", 


LO. Nocta mon 


Throughout the rest of this manual, the following notational 
conventions will be used to describe the syntax of directives 
and instructions. 


Eom 

- typed value 

— "Natural acom 

= integer atom 

- memory address atom 

register address atom 

- display register address atom 

- either a display or a bigh speed register address atom 

- monitor attribute atom 

- stack address atom 

> - items enclosed within angle brackets are arguments 
|l" - items enclosed in square brackets are optional 

«ea» - effective address 

«ev» - effective value 

O = queue address atom 


Or OG Sa 
I 
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mu... Data Format 


AMASM emits object code and directives using AM I/O 
modules. The object module is, thus, directly readable by AM. 
A linker and loader may be written either in a high level 
language, or AM assembler. 


The data and object module formats described below are a 
direct reflection of AM's tagged architecture. The following 
conventions will apply: 


- All numbers shown are in hexadecimal. 

- The letter "H" is a place holder signifying any 4-bit value. 

- The letter "D" is a place holder signifying any 32-bit value. 

- The letter "P" is a place holder signifying a 32-bit pointer. 

- The general form of a typed value is 
rag] [val] 


where "tag" is a l6-bit type field, and "val" is either an 
8 to 32-bit value or a 32-bit pointer. 





Note the following: 


- Character string atoms and values have a 16-bit size field 
inserted after the type field which indicates the number 
of characters in the value field (including the ter- 
minating null). This size field is omitted in memory 
(Since it is not needed) and replaced by a pointer to 
the string. 


- Instruction values have a 32-bit pointer following the 
type field, which points to an array of values. The 
first value is the opcode followed by the operands. 
The number of operands is encoded in the opcode. 


- Form values have a 32-bit pointer to a form header. 
The header contains the form's rectangle and a pointer 
to the cmap which is an array of colors. The length 
of the cmap is determined from the form's rectangle. 


- Font values have a 32-bit pointer to a font header. 
The header contains the font' rectangle and a 128 member 
array of cmap pointers. 


- All list atoms and values with the exception of the 
dblist type have a l6-bit size field that is inserted 
after the type field and indicates the number of charac- 
ters contained in the value field. Similar to the 
String type, this size field is replaced in memory by 
a pointer to the corresponding list. 


- Dblist atoms and values have a 32-bit size field in- 
serted after the type field which indicates the number 
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of characters in the value field and represents the total 
number of characters contained in the database. In 
memory the size field is replaced by a 32-bit pointer to 
the dblist. 


A number of the formats listed below ase not desenibern, Toc 


where in this manual since they are either not accessible to 
the programmer, or are implied by context. 


tig 


T: 


Atom Formats 


boolean [0001] [HH] 

natural - [0002] | HHHH | 

integer - |0003| |HHHH| 

character - [0004] [HH] 

character strings. [0005 [Aca 
intensity - [0006] [HH] 

color =d 000 PEA 

point - [9098] PI] [BB] 
rectangle - [0009] [P] |bbDD| 

form - [9002] [P] [Db Db] [P] [-Gmap array-] 
font = [00081 |P] |po pn 8 n r, 
ptblt - [000C] [P|] |DDDD DDDD DDDD HH] 
memory address - |0030| |D] 

register address - |0031] |D] 

display register address - |0032] [D] 
monitor attribute - [0033] |HH] 

stack address - [0034] [D| 

file address DOS EEE] 

monadic operator - |0040] |HHHH| 
dyadic operator - [0041] |HHHH| 
triadic operator = REECH 
quadadic operator - |0043] |HHHH] 
sexadic operator - [0044] |HHHH] 
octadic operator - [0045] |HHHH] 
relational operator - [0046| [üHHH| 
boolean comparator - |0047] |HHHH] 
pidlist - [000D| [P| [|HH...00] 
pidsetlist = [0008] |rim r ua 
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Vallise - |000F] |P]. fHER- 2907 
ENEE = [voto] E uae. do] 
po — |OO11| MIP) THEG 200] 
Em eic "MOI Aa aus. 00] 
pvallist - [9013] [P] [HH...00] 
pvalsetlist - [0014] [P] 00) 
se — [0015] [P| |[HHZI2.00] 
elasslist - |0016| [P] [HH...00] 
ablist - [U917] [P] [D-..00] 
qaddress - [0036| |D] 


11.2. Value Formats 


Doelecany— |0201] [HEH] 

RE 6202 [HHHH] 

integer - |0203| |HHHH] 

phomucter - [0204] |HH| 

character stming = 02005] || |HH. 00] 
intensity - |0206] |HH! 

color - [0207| [HH HH HH] 

point - [0208] [2] [BB] 

rectangle - |0209] |P| |DDDD] 

form - [0208] [P| [DD DD] |P] [Fonap array] 
porco pozos] [Pj |pbspp| |s28P*szl 
ptblt - [020C] |P| [DDDD DDDD DDDD HH| 
memory address - |0230| ID| 

register address - |0231| [D] 

display register address - |0232] [D] 
monitor attribute - |0233] |HH| 

stack address - [0234] [D| | 

file address - |0235| |HHHH| 
instruction - [0250] |P] |[HHHH] [zero or more operand atone] 
EE Ekel [HH.:509] 
pidsetlist - [0208] [P] [HH...09] 
vallist - [020%] [P] [HH..-00] 

ue Sc (0210) [PI |[HHTT 00] 








255 


proplist = [0211 P Im e 
propsetlist - [0212 r nunaman 
ovallist - [0213] [E] [HH-00] 
pvalsetlist - [0204] |P] [EI Geg] 


objlist - |0215 Pimi mm 


ere  —— 


classlist - |0216 f TE i 
dblist —- |0217| |P| EE 
gaddress - |0236] |D] 


11.3. Object Mödule FOrmat 


The structure of an object module is very simple. The 
only object always found is a leading ora directive. Next, if 
any symbols were declared global or external in the source 
module, a pseudo instruction will be emitted for each such 
symbol. The rest of the file contains executable and pseudo 
instructions emitted as they occur in the source. 


12. Assembler Directives 


AMASM recognizes the following directives: 


equ "Tequate 

orc - absolute origin 
TOYS - relative origin 
extern - external symbol 
globl — glebal symbol 
trace - trace execution 
ds - define stroage 
ac - define constant 


Directives do not produce code which will be executed by AM, 
but they may cause linker/loader instructions to be emitted. 
The meaning and syntax of each directive is described in the 
following pages. 
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EQU Equate EQU 


EE 
<name> equ <equivalence> 


where: 
<name> is any legal identifier 
<equivalence> is any atom or typed value 


Description: 


The symbol <name> is assigned the value of «equivalence». 
Elsewhere in the source module, the symbol may be used in place 
of a literal value of the same type as <equivalence> using the 
following syntax: 


- If the symbol represents a memory address atom, the symbol 
may be used directly. 


- If the symbol represents a typed (immediate) value, it 
nu cscansdesedaMMDNcurlv braces "('""y". 


- If the symbol represents an integer or natural atom, it 
must be preceded by a pound sign "#". 


Example: 
propseg equ (0:0) 
dataseg equ (1:100) 
offset equ 10 


datafile equ file, 


org progseg 
move laddr, data Tr (0:90) 
move (int 00D Odo Eset 


push {string,"test.dat"}s(0) 
puce dcc 

jM int O O) 

us o 0) 

open s(0) 

stop 


Org  dataseg 
data ds 100 
"progseg" and "dataseg" are equated to memory address atoms. 
"Offset" is equated to the integer atom 10. 


atrae us equated to the £ile address value {file,3}. 


2i. 


Formas. 


equ does not cause an emission. 
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ORG Absolute Origin ORG 


Syntax: 
Org [M] 
Description: 


The location counter is reset to M, if specified; other- 
wise it remains unchanged. All memory addresses and labels 
Specified after an org directive up to the next org or rorg 
directive not explicitly expressed as displacements are 
treated as absolute addresses. Code generated after an org 
directive up to the next org or rorg directive is not 
relocatable. 


Example: 
org 
move (0:0), ,r(0:0) 
org ( 20) 
data ds EE EL? 
Termat: 


[0759] [1801] [0230] [D] 
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RORG Relative Origin RORG 


Syntax: 
rorg [n | 
Description: 


The location counter is reset to M, if specified; other- 
wise it remains unchanged. All memory addresses and labels 
specified after a rorg directive up to the next org or rorg 
directive are computer as displacements. Code generated after 
a rorg directive up to the next org or rorg directive is 
relocatable (program counter independent). 


Example: 
rorg 
move {in 00d data 
SE stub 
stop 
data ds 10 


In the above example, the move would be emitted using 
destination program counter relative addressing. 


Format: 


[02501 [1801] [0230] [D] 
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EXTERN External Symbol EXTERN 


syntax: 
extern <name>... 


where: 
<name> is any legal identifier 


Description: 


The list of symbols is made visible to the current module 
and is assumed to be defined elsewhere. An error is flagged 
if a symbol in the list is not referenced somewhere within 
the current module. It is also an error for any symbol in 
the list to be defined within the current module. 


Example: 
extern expon 
PUSO SON 
jsr expon,s(0) 
Hormat: 


For each symbol decalred external, an extern pseudo op is 
emitted, followed by a string containing the symbol. 


[0250] [1802] [0205] |P| [HH...00] 
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GLOBL Global Symbol GLOBL 


Syntax: 
grob name e 


where: 
<name> is any legal identifier 


Descriction: 
The list of symbols is made visible to external modules. 


Each name in the list must be defined as a memory address 
somewhere within the current module. 


Example: 
globl test,data 
test: 
move CO so ym elR 
Stop 
data ds 10 


"test" and "data" are made visible to other Mmoculece 


Formac: 
For each symbol declared global, a globl pseudo op is 


emitted, followed by a string containing the symbol, followed 
by a memory address representing the value of the symbol. 


[0250] [1803] [o0005| |P| [HH...00] [0230| |D| 


Qu 


TRACE Praco eu on TRACE 


EA EC ax: 


trace <tflag>,<toggle> 


where: 
<flag> is "-t" for normal trace and "-x" is for extended 
is aC 
<toggle> is "+" for on and "-" for off 
Description: 


A trace of the programs execution is available in two 
modes, normal and extended. The normal mode traces the main 
function calls and the major paths through them. The extend 
mode includesthe normal trace plus memory allocation calls and 
creation of temporary values. The trace directive may be 
selected in the command line when AM is invoked, or embedded 
in the source code to enable trace over selected portions of 
the procram. 


Example: 
progseg egu (0:0) 
GEG progseg 
move  laddr,data),r(0:0) 
ICON c 
move {int cxt) 0) 
race —-C 
puse ene , 0s (0) 
stop 
data ds 100 
Format: 


[0250] |[3800| [0204] |HH| |0203| 





HHHH | 
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DS Define Storage DS 


syntax: 


[<name>} ds N[V...] 
[<name>] ds [N} V... 


where: 
<name> is an optional identifier 


ds permits a list of atoms to follow the type keyword of 
each value. 


Description: 


ds allocates storage for values starting at the current 
value of the location counter. 


- If N is specified and N is greater than or equal to the 
number of values in the list, space for N values is 
allocated and the location counter is incremented by N. 


- If N is specified and N is less than the number of values 
in the list, Nis Ignored.: 


- If N is not specified, the amount of storage allocated 
is equal to the number of values in the list. The loca- 
tion counter is incremented ky this number. 


- If a value list is specified, the allocated cells will 
be initialized to those values, beginning with the first. 


- Cells allocated but not initialized are considered to 
hold undefined values. It is an error to attempt to 
read an undefined value. 


Example: 
data l ds 10 
data? ds L0taint, 100% nae OS O 
datas ds tehar P^ a tore, 


ds string, this is akstri vale A 


The first ds allocates l0 values and leaves them under sm 
"datal" may be used to index into those values. 


The second also allocates 10 values, but initializes the 
first to the integer 100, and the next 3 to the naturals 
0, 20, and 40. The last 6 values are left undefined. 


The third ds shown allocates 2 character values. 
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TTT a sumglc string value. No ident 
fier was specified. 


Hormat: 
A typed value is emitted for each value in the list. 


addition, ds will emit an org pseudo op (see org) whenever 
the number of values in the value list is less than N. 


299 


i- 


m 


be Define Constant DE 


Syntax: 
[<name>l dc Va 


where: 
<name> is an optional identifier 


dc permits a list of atoms to follow the type keyword of 
each value. 


Description: 


dc allocates and initializes storage from a list of values 
starting at the current value of the location counter. 


Example: 


data3 dc Cenau ID 
dc {string,"this is a string value 


The first ds shown allocates 2 character values. 


The second allocates a single string value. 


No iden 
fier was specified. 


Format: 


A typed value is emitted for each value in the list. 
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13. Addressing Modes 


AM supports ll addressing modes: 


d - display register direct 

r - register direct 

tl - register indirect 

rid - register indirect with displacement 

ridn - n-level register indirect with displacement 
m - memory absolute 

mi - memory indirect 

pcr - program counter relative 

2 - immediate value 


- immediate atom 
Stack direct 
- queue direct 


Qut 
I 


Like other more familiar processors, not all AM instructions 
can use all of the addressing modes. 


In addition, AMASM supports address expressions, which 
provides a rudimentary indexing capability. 


13.1. Display Register Direct 
The form operand is in the display register. 


Est as: D 


Format: 
oeu [p| 
13.2. Register Direct 


The operand is in a register. 


ENNtax: R 


Pormat: 
Eor Dj 
13.3. Register Indirect 


The address of the operand is in a register. 


Syntax: R@ 
R - holds the operand address 


Format : 


[9231] |D] 
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13.4. Register Indirect with Displacement 


The address of the operand is the sum of the address in a 
register and an integer displacement. 


Syntax: R@I 








R — holds a Base address 
I - an integer displacement 
Format: 
R KAESCH 
13.5. N-level Register Indirect with Displacement 


The address of the operand is the sum of the address ob- 
tained from the nth link in a chain of dynamic links and an 
integer displacement. 


Syntax: RN@I 


R ~ holds the current frame pointer 
N - a non-negative frame reference 
I - an integer frame displacement 


(RN@I) is equivelent to RGI) 


Pomar: 
(0231| |D] [0202] |HHHH] [0203] mam 
13.6. Memory Absolute 


Syntax L 


M - the operand address 
Formac- 
[0230] [D] 


1527. Memory Inatrect 
The address of the operand is in a memory cell. 


Svntax: M6 


M - a pointer to the operand address 


Format: 


[0230] |D| 


BUT 


13.8. Program Counter Relative 


The address of the operand is the sum of the program counter 
and an integer displacement. 


syntax: M 
M - the operand address 


The specified address must be in the same module as the instruc- 
tion. The assembler automatically computes the displacement. 
Program counter relative 1S specified for a block by placing 

a rorg directive at the top of the block. 


Format: 


[9203] [B] 


13.9. Immediate Value 
The operand is an immediate value. 


Syntax: V 


V - any tvped value 


Format: 
jtag| |valu| 


Mell. Stack Direct 

The operand is a stack. 
Syntax: S 
Format: 

[0231] [D] 
13.12. Queue Direct 

The operand is a queue. 
tax: O 


Pormat: 


[0235] [D] 


mee, Instruction Set 
The AM instruction set is simple but powerful. The rigid 


data types make it meaningless to specify operations like shift 
and mask, thus removing some of the programmer's freedom to 
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muck with data in arbitrary ways. The tagged architecture will 
detect errors like jumping to data, or accessing instructions 
as data, as well as the more common bounds checking performed 
by runtime libraries. 

141. Machine Errors 


The following errors are detected by AM during loading and 
execution: 


- attempt to execute a non-instruction 
- attempt to execute an illegal instruction 
- memory segment not defined 

- memory segment overflow 

- memory segment underflow 

- register segment not defined 

- register segment underflow 

- register segment underflow 

- display register segment not defined 
- Stack segment not defined 

- undefined monitor attribute 

- <file> contains unresolved references 
- attempt to convert negative int to nat 
- no predecessor to zeronat 

- no predecessor to minintens 

- no successor to maxintens 

- addition illegal with nubbuHnecens 

- subtraction illegal with nullintens 

- gtintens illegal with nullintens 

- ltintens illegal with nullintens 

- geintens illegal with nullintens 

- leintens illegal with nullintens 

- illegal color definition 

- form 1S not correct size for font 

- icon is undefined 


- unknown 


unknown 
unknown 
unknown 
unknown 
unknown 
unknown 
unknown 


to 
to 
CO 
ES 
TO 
to 
to 
to 


Operator 
Operator 
Operator 
operator 
Operacor 
ODErTator 
operator 
Operator 


applymop 
applvdop 
applytop 
applygop 
applysop 
applyoop 
applvrop 
applybop 


type error - GT 

EE errors n 

EE I! 

type error - LE 

no more segment available 

attempt to free invalid memory segment 
attempt to free non-allocated segment 


Stack emptv 
Stack overflow 


Stack underflow 
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file already open 

unable to close file 

unable to open <file> 

file already closed 

file not open 

file not open for reading 
FN “Ot open tor writing 
reading file, type not recognized 
error reading file 

writing file, type not recognized 
invalid memory segment 
memory segment not allocated 
invalid memory address 
invalid register segment 
invalid register address 
invalid stack segment 
invalid file descriptor 
attempt to return head of null string 
value not of type bool 

atom not of type bool 

value not of type int 

atom not of type int 

value not of type nat 

atom not of type nat 

value not of type char 

acon Moe OL type char 

value not of type string 
atom not of type string 
value not of tvpe ilev 

atom not of type ilev 

value not of tyep colr 

arom noo tvpe colr 

value not of type pnt 

HEO OE OE Cwee pnt 

value not of type rct 

atom not of type rct 

value not of type form 

atom not of type form 

value not of tvpe font 

atom not type font 

value not of type ptblt 
atom not of type ptblt 
value not of type mad 

atom not of type mad 

value not of type rad 

atom not of type rad 

value not of type dad 

atom not of type dad 

value not of type mattribute 
atom not of type mattribute 
value not of type sad 
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- atom not of type sad 

- value not of type file 
- atom not of type file 
- value not of type mop 
- atom not of type mop 

- value not of type dop 
- atom not of type dop 

=- value noe OL ryeer cop 
— atom nor orc 

- value not of type gop 
=- atom not Of typeucdor 

- value not of type sop 
=- atom not or Ey PeR O e 

- value not of type oop 
= atom not OMA peros 

= Value NOG Chase, pc sep 
= atom not of type rop 

- value not of type bop 
= atom not ore perno. 

- value not of type instr 
- atom not of tvpe instr 
= CYPE R IE 

- queue segment not defined 
= queue Venere, 

- queue overflow 

- queue underflow 

- db already open 

- unable to close db 

- unable to open <db> 

- db already closed 

- db not oven 

- illegal object insertion 
- object not contained in class 
- invalid queue segment 
= atom not OL Ey perra 

- value not of type pid 
= atom not Of Cype val 

- value not of type val 
- atom noe of type pval 
- value not of Gype pv il 
= ¿atom not ot Ey pe 097 

= value not of type obj 
= atom not ot type ab 

- value not of type db 

= atom HOt. Or typ penl 

— value not of itype ISE 


All machine errors are fatal. 
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14.2. Assembler Errors 


AMASM will detect and report the following errors: 


- symbol not an address 

- symbol defined locally 

- <symbol> does not match declared type 

- relative memory indirect not permitted 

- symbol not a value 

- symbol not an integer 

- intensity value exceeds range 

- symbols declared but not referenced 

- displacement from external addresses not permitted 
- relative addressing not permitted between segments 
- out of symbol space 

- symbol declared external 

- symbol already defined 

- symbol not of same type 

- impossible value for given type 

ENSVntax error 


Assembler errors are not fatal, but will prevent the crea- 
tion of the object module and, usually, the cross-reference 
file. 


14.3. AM Operations 


AM supports a useful set of monadic, dyadic, triadic, 
quadadic, sexadic, octadic, relational and test operators. 
These operators are to be used with the monad, dyad, triad, 
quad,sexad, octad, if and test instructions. The mnemonics/ 
symbols for each operator along with the data types to which 
each may be applied are described below. 


14.3.1.  Monadic Operators (MOP's) 


not - boolean negation 


not accepts a boolean argument and returns its negation 


abs - absolute value 
abs accepts an integer argument and returns is absolute 
value 

ntoi - natural to integer 
ntoi accepts a natural argument and converts it to an 
integer 

iton - integer to natural 
iton accepts an integer argument and converts it to a 


natural 
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len = string length | 
len accepts a string argument and returns its length as 
a natural number. 

make - make a string 
This operator accepts a character argument and returns a 
string oft lengths 

head - the head of a string 


This operator accepts a string argument and returns the 
character at its head. It is an error to take the head 
of an empty string. 

tail - the rest of a string 


tail accepts a string argument and returns a string con- 
taining all but the first character. The tail of an 
empty string is the empty string. 

remp,gcmp,bcmp - color components 
remp, gcmp and bcmp accept a color argument and return 
the respective red, green, or blue component of the 
color. 

xcord,ycerd >= Pone Coordinate 
xcord and ycord accept a point argument and return the 
respective coordinate integer. 

origin,corner - rectangle corner points 


These operators accept a rectangle argument and return a 
corner point. Origin returns the lower left and corner 
the upper right. 

xdim,ydim - rectangle dimensions 


xdim and ydim accept a rectangle argument and return the 
respective dimension integer. 


newfrm - new form 


newfrm accepts a rectangle argument and returns a new blank 
form whose rectangle is the same as the input rectangle. 


farea - form area 


farea accepts a form argument and returns its rectangle: 


gblts,gbltd,gbltc - get ptblt tvectamates 


These operators accept a ptblt argument and return the 


specified rectangle. gblts returns che sou —— e 
returns the destination, and gbltc returns the clipping 
rectangle. 
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meter — get ptblt rule 
gbltr accepts a ptblt argument and returns the natural 
that represents the copy rule. 

newfnt - new font 


newfnt accepts a rectangle argument and returns an empty 
font whose icon rectangles are the same as the input 
rectangle. 

L Ft = rectangle of font 


rctfnt accepts a font argument and returns its rectangle. 


menent - length of font 
lenfnt accepts a font argument and returns the number of 
icons in it as a natural. 

makenew - make a list 
This operator accepts a list argument and returns a new 
Wist. 

first - the first list 


first accepts a list argument and returns the first list 
semtalined in it. It is an error to take the first of an 
empty list. 


rest - the rest of dest 


rest accepts a list argument and returns a list containing 
uy ^n EIrst list: It is an error to apply this 
Operator to the empty list. 


F r SL - set of first lists 


This operator accepts a list and returns the set of all 

esti lists contained in it. Applying sofirst to a list 
which does not contain at least two sublists results in 

an error. 


14.3.2.  Dyadic Operators (DOP's) 


and, or 


and and or accept two boolean arguments and return a boolean 
result. 


add . sub,mul,div,mod - computational operators 


These operators accept integer, natural or intensity argu- 
ments (both of the same type) and return a result of that 
type. Divide by zero returns an error. div discards any 
um“. dU returns the remainder. mul, div and mod 
do not apply to intensity arguments. 


309 


cat - string concatenation 


roe 


cat accepts two string arguments and returns the concaten- 
ation of the first onto the second. 
=- poln location 


loc accepts two integer arguments and returns the defined 
PLNE: 


Usage - loc(x,y) where x is the x coordinate integer and 
y is the y coordinate integer. 


area - rectangle definition 


area accepts two unordered point arguments and returns the 
defined rectangle. 


inrct - point in rectangle 


inrct acceptS a point and a rectangle argument, checks if 
the point is inside the area of the rectangle, and 
returns the boolean result. 


Usage - inrct(p,r) where p is a point and r is a rectangle. 


intrct - rectangle intersection 


intrct accepts two rectangle arguments and returns the 
intersection rectangle. 


putrct -~ put rectang eae 


putrct accepts a point and a rectangle argument and returns 
the rectangle with the same area as the input and its 
origin at the point argument. 


Usage - putrct(p,r) where p is a point and r is a rectangle. 


mapsp,mapps - conversion operators 


These operators convert points between point coordinates 
and font spot coordinates. They accept a point and a font 
argument and return a point. mapsp takes a spot coordinate 
and based on the font size returns its origin point, e.g., 
the origin point of spot (2,5) UIT B or p 

point (20,30). mapps takes a point and returns the font 
spot that it falls inside, e.g., the point (217310 

10 by 10 font is un Sport (2 m 


Usage: 
- mapsp(f,p) where f is a font andapes a OU 


- mapps(f,p) where f is a font and p is a point. 


Ecolor get color 


gcolor accepts a point and a form argument and returns the 
form S eolor at that point. 


Usage - gcolor (p,f) where p is a point and f is a font. 


E] - fill the.form 


fill accepts a color and a form and returns the from with 
all its points set to the color argument. 


Usage = fill(c,f) where c is a color and f is a font. 


sblts,sbltd,sbltc - set ptblt rectangles 


These operators accept a rectangle and a ptblt argument 
and return the ptblt with the specified o set to 
the rectangle argument. 


sblts sets the source, sbltd sets the detaintion, and 
sbltc sets the clipping rectangle. 


nm Do wnerc z 4s afrectangle and b 1s ptblt. 


sbltr - set ptblt rule 


Sic accepes a Natural and a ptblt argument and returns 
the ptblt with copy rule set to the natural argument. 


Usage - sbltr(n,b) where n is a natural and b is ptblt. 


mint - is icon in font 


infnt accepts a natural and a font argument and returns 
a boolean result based on whether the icon indexed by the 
nautral argument is defined. 


Usage - infnt(n,f) where n is a natural and f is a font. 


dfnt - delete icon 


aint raccepts a natural and a font argument and returns the 
font with the indexed icon deleted. 


Usage - dfnt(n,f) where n is a natural and f is a font. 


fence — get icon 


maTUMICCepisca natural and Pront argument and returns 
the form of the icon indexed. 


Usage - gfnt(n,f) where n is a natural and f is a font. 


mi =- union of lists 


un accepts two lists as arguments and returns the union 
OF DON. 


s 


int = intersection cc Wl 


int accepts two list arguments and returns the intersec- 
tion-of botns 


cat = list concatenation 


This operator accepts two list arguments and returns the 
concatenation of the first list onto the second. 


get - get a list 


get accepts two list arguments and returns the list from 
the first argument that corresponds with the second. If 
any of the two arguments is the empty list the operation 
results in an error. 


de - delete a list 


This operator accepts two list arguments and returns a 
list that is equal to the second argument but reduced by 
the list indicated by the first argument. It is an error 
to apply de to an empty list or to specify a first argu- 
ment that is not contained in the second. 


retobj - retrieve an object 


retobj accepts two list arguments and returns the list 

that corresponds to the second argument. If the second 
argument is the empty list the result will also be the 

empty list. 


14.3.3. Triadic “Operators | er >) 


dcolor = detine color 


dcolor accepts three intensity arguments and returns the 
defined color. 


Usage - dcolor(r,g,b) where r is the red intensity, g is 
the green intensity, and b is the blue intensity. 
poffst 


poffst accepts a point and two integer arguments and 
returns the point that is offset from the point argument 
by the integer arguments. 


Usage - poffst(x,y,p) where x and y are the offset 
integers and p is the reference point. 
sttrct - shift rectangle 


sftrct accepts a rectangle and two integer arguments and 
returns the rectangle formed by offsettting its origin 
by the integer arguments. 


Usage ~ sftrct(x,y,r) where x and y are the offset inte- 
gers and r is the reference rectangle. 


Scolor - set color 


scolor accepts a color, a point and a form argument and 
returns the form with its point argument set to the color 
argument. 


Usage - scolor(p,c,f) where p is the point, c is the 
color, and f is the font. 


Hab = inverse form 


invfrm accepts a form and two color arguments and returns 
the form with its fore and background colors inversed 
by the color arguments. 


Usage - invfrm(fg,bg,frm) where fg is the new foreground 
BET X»g Ts the new background color, and frm is the form 
to be inversed. 


Sint - set font 


mod 


SNE accepesta Natural, sa form, and a font and returns the 
font with the new icon inserted that is defined by the 
form and natural arguments. 


Usage - sfnt(frm,n,fnt) where frm is the icon form, n is 
the index, and fnt is the font. 


- modify list 


mod accepts a dblist, an objlist, and a pvallist and 
returns the dblist with the new pvallist inserted into 
the appropriate position of the objlist identified by the 
corresponding 'pid.'' It is an error to apply a pvallist 
Solana object for which it is not defined. 


14.3.4. Quadadic Operators (QOP's) 


OLSE = tont offset 


foffst accepts two integer arguments as an offset, a point 
argument and a font argument. It returns the spot origin 
point based on the spot coordinate offset from the point 
“umcne, e.g., a Tont size or 10 by 10 which is offset 
INS ECON point (5,5) returns the spot origin point at 
735). 


Usage - foffstí(x,y,fnt,p) where x and y are the offset 
integers, fnt is the basis font, and, p is the reference 
popi. 


cpftrm = Lorn een ya 


cpfrm merges a source and a mask form with a destination 
form using the parameters in ptblt. It accepts a ptblt 
and three form arguments and returns the resultant form. 


Usage - cpfrm(pb,s,m,d) where pb is the governing ptblt, 
s is the source form, m is the mask form, and d is the 
destinacion orn. 


14.3.5. Sexadic Operators (SOP's) 


drawln - draw line 


drawln draws a line from point y to point z on the destina- 
tion form, using the specified brush and mask forms. It 
accepts two point arguments, three form arguments and a 
ptbit argument and returns a form. 


Usage - drawln(x,y,pb,b,m,d) where y is the start point, 
Z is the end point, pb is the ptblt, b is the brush form, 
mis the mask form, and d is the destination form. 


cpEnt ET 


cpfnt copies a font icon to a designated point on the des- 
tination form. It accepts a natural and a font argument 
which defines the source form, a point argument for the 
target location, two form arguments and a ptblt argument 
and returns the resultant form. 


Usage - cpfnt(p,pb,n,fnt,m,d) where p is the target locations 
pb is the ptblt, n is the font index; fnt rs the Tomi” 
is the mask form, and d is the destination form. 


14.3.6. Octadic Operators (OOP >) 


invint = Inverse tone 


invfnt performs the same operation as cpfnt except that 
the font icon is combined with inverse coloring. It 
accepts the same arguments plus two color arguments and 
returns the resultan foun 


Usage - invfnt(fg,bg,p,pb,n,fnt,m,d) where fg is the new 
foreground color, bg is the new background color, p is 

the target location, pb is the ptblt, n is the £ont TR iE 
fnt is the font, m is the mask form, and d xs the deste. 
tion form: 


14.3.7. Relational Operators (ROP's) 


The relational operators are: 


== = equality 
> =. greater than 


V 
I 
| 


greater than on egual to 
less than 

less than or equal to 

- not equal to 


— ^ A^ 
ll Il 
I 


They may be applied to int, nat, char, string, intens, pnt, 
and lst. 


If == or != are applied to arguments of different types, 
== returns false, != returns true. This applies also to types 
not listed above. >,>=,< and <= return an error if their 


arguments are not of the same type. 
Relational operators return a boolean result. 
14.3.8. Test Operators (BOP's) 


These operators permit the programmer to test a cell for 
type before attempting to access it. These are necessary be- 
cause AM considers it a fatal error to read from an undefined 
cell or apply an operator of one type on data of another. 

The test operators are the same as the type mnemonics, plus a 
mnemonic for testing undefined values: 


Woe! 
nat 
DEE 
char 
string 
intens 
color 
pnt 
m 
Bom 
L Ont 
put 
instr 
addr 
file 
undef 
pid 
val 
pval 
obj 
db 
lst 


Test operators accept a typed value and return true if the 
value is of the specified type, false otherwise.  undef re- 
turns true if a value is undefined, false otherwise. 


OFESE TE Offset an Address OFFSET 
Syntax: 

offset I,R 

R must contain a memory address value 


Operation: 

M NES oo 
Description: 

The sum of I and the address in R is stored in R. 
Example: 


offset. 2072 (0-0) 


Addressing Modes: 


I: a 
R: r ' 
Format: 


10250] |P] [3810] [operands] 
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LINK Link Frame and Allocate LINK 


Syntax: 
IO N 


Operation: 
Re --> address d 
address --> R 


Description: 


A segment of N cells is allocated from the heap. The 
value stored in R is save at the base address of the segment. 
The segment base address is returned in R. 


This instruction is designed to create dynamic links for 
local environments. 


Example: 
PrOC: eege r (025) 1 
move r(0:5 al r(0:0O) 
add MA (0: 0) 


move FO Dr 0:5) 284 
Ong nce) 
IS 
Above is an example of uplevel addressing. 


Addressing Modes: 


i r 
N: a 
Format 


10250] Tel [3811] |operands| 








UNLINK Unlink and Free UNLINK 
Syntax: 
ün ink R 


Operation: 
BA 


Description: 


The value in the base address of the segment pointed to 
by R is returned in R. The segment is freed. 


Example: 
Prog link O ee 
move ro: 2 (020) 
add {at OO Sr (0: 0) 


move EIERE 
unlink s 
res 

Addressing Modes: 


R: r 


Format: 
(02501 P] {2812 R OP Tr a 


GDWIN Get Display Window Location GDWIN 
EXntax: 
gdwin D,R 


Operation: 
PR > R 


Description: 


The value of the display window origin point at D is 
stored in R. 


Example: 
dawn a (0-0) (0 0) 


Addressing Modes: 
ESI 


Format: 
|0250! |P] |3813| [operands!| 
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SDWIN Set Display Window Location SDWIN 
Syntax: 

sdwin R,D 

R must contain a point value 


Operation: 
R --> D 


Description: 


The display window origin point at D is set to the point 
value in R. 


Example: 
Sawin r (0 0 0101) 


Addressing Modes: 
Rir 


Format.: 


|0250] |P] [3814| [operands] 


270 


GMTR Get Monitor Attribute 


Syntax: 


gomer T,R 


Operation: 
ie R 


Description: 


The T value is stored in R. 


Example: 
omer =D, r (0:0) 


Addressing Modes: 
Er 


Format: 


[0250] [P] € [2815] ... [281C| ) [operand| 


GMTR 


SMTR Set Monitor Attribute SMTR 
SYN bare: 
SmMmEr RT 


R must contain a value appropriate for the selected 
attribute. 


Operation: 
R --> T 


Description: 
The T value is set to the value in R 
Example: 
smtir -cru95:0)9 d 


Addressing Modes: 
IS NIS 


Format: 


[0250] |P]| ([281D]...[2824]) [operand] 
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MONADS Monadic Short MONADS 
syntax: 
“mop C 


where: 
<mop> is a monadic operator 


Operation: 


Eucpc --^ C 
Description: 


The operator corresponding to mop is applied to C and 
the result stored in C. 


Example: 
net 0005 


Addressing Modes: 


“r.d 
Format: 
|0250| |P| |[3830| [operand| 


2 


MONADL Monadic Long MONADL 
Sia 
MIOS CES 


where: 
<mop> is a monadic operator 


Operation: 


SI US ey 
Description: 


The operator corresponding to <mop> is applied to Cx and 
the result stored in Cy. 


Example: 


not OO LO 
farea  di0:0) 1090) 


Addressing Modes: 
EX" EQ 
Cy WI 


Formal: 


[250] [P] [3831] [operands] 
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MONADLI Monadic Long Immediate MONADLI 
Syntax: 
<mop> V,C 


where: 
<mop> is a monadic operator 


Operation: 


<mop> V -=--> C 
Description: 


The operator corresponding to «mop» is applied to the 
immediate value V and the result stored in C. 


Example: 


not eid e lag); (1:0) 
newfrm med udddrorccsize.-cdu0) 


Addressing Modes: 


V: 1 
we xd 
Format: 


|0250| E [4832 | | operands | 
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DYADS padres sem DYADS 
Syntax: S 
EE 


where: 
<dOp> 1S a dvyadie=operacor 


Operation: 


CYFL dOP ses. Y 
Description: 


The operation corresponding to <dop> is applied to the 
operands and the result stored in Cy. 


Example: 


and r9 9 as DEUS) 
fill r(0:0) ee: 0) 


Addressing Modes: 


Gre) ar AG 
ES Ol 
Format: 


10250] |P] |4833! [operands] 
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DY ADS T Dyadic Short Immediate DYADSI 
Syntax: 
saop> V,C 


where: 
<dop> 1S a dyadic operator 


Operation: 


EE Mee C 
Description: 


The operation corresponding to <dop> is applied to the 
Operands and the result stored in C. 


Example: 


sub ur PIED O 
mip colmo) 5990) Peer ( 0:0) 


Addressing Modes: 


Ui cl 
"Yd 
Format: 


[0250] |P| [4834] loperands] 


p 


DYADL Dyadic Long DYADL 
Sy Meare: 
< ep FC Y aZ 


where: 
<dop> is a dyadic operator 


Operation: 


CY don Ox —. 7 z 
Description: 


The operation corresponding to <dop> is applied to Cx and 
Cy and the result stored in Cz. | 


Example: 


add x00) 0 x COSE 
qgcolor E0090) cd 0r OS D EN 


<dop> Cx,Cy,Cy 15 equivalent to <dop> Gare, 


Addressing Modes: 


C aa 

Cy sie, 

CZ: Trd 
Format: 


|0250] |P] [4835] |operands] 
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— m: 


— 


DYADLI Dyadic Long Immediate DYADLI 
Syntax: * 
Sep EC 


where: 
<dop> is a dyadic operator 


Operation: 


— WW dop V ==> Cy 
Description: 


The operation corresponding to <dop> is applied to V and 
Cx and the result stored in Cy. 


Example: 


add ers OR MODs x s) 
cuc Rom Rm 0S so 0) 0:0) 


<dop> V,Cx,Cx 1S equivalent to <dop> V,Cx 


Addressing Modes: 


M. 

CAS ,.d 

Ss a 
Format: 


[0250] |P] [4836] [operands] 


TRIADS Triadic Sheme 
Oy meee. 
SCOP EX, EM ez 


where: 
«top» is a triadic operator 


Operation: 
STOD? CX, CY Cz MZ 


Description: 


The operation corresponding to <top> is 
operands and the result stored in Cz. 


Example: 
St ri 0s) (0: OE 


Addressing Modes: 


(rore ml 

Cu e 

(occ 
Format: 


[0250] |P] [4837] |operands| 


TRIADS 


applied to the 


TRIADL Tata ale ONG TRIADL 
Syntax: 
SIS Z Cw ,.Cx,Cy,Cz 


where: 
op- is a triadic operator 


Operation: 


OP CW, Cx, Cy ==> CZ 
Description: 


The operation corresponding to <top> is applied to the 
operands and the result stored in Cz. 


Example: 
sello Or (0:10 50 (0:2) L 0.5 3 


Addressing Modes: 


Cw. r.d 
"e r,d 
Qo r,d 
Sa r:d 
Format: 


[0250] [P] [4838] [operands] 
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QUADS Quadic Short QUADS 
Syntax: 
<gop>— Cw, C yz 


where: 
«qop» is a quadadie operator 


Operation: 


<GOp> EW EX EY 62. ae ees 
Description: 


The operation corresponding to <qop> is applied to the 
operands and the result stored in Cz. | 


Example: 
cpfrm r(0:0)7d (008E r (0 D 1 OnT) 


Addressing Modes: 


CW: IF? d 
Gr ds al 
SI 
CE GL Ol 
Format. 


|0250] |P] [4839] [operands] 





QUADL 


Syntax: 


<aop»> 


where: 


<qop> 


Operation: 


<qop> 


Description: 


Cynew, CX, CY PEZ 


Quadic Long 


is a quadadic operator 


PIERNA ENS > CZ 


QUADL 


The operation corresponding to <qop> is applied to the 


operands and the result stored in Cz. 


Example: 


Addressing Modes: 
a 
Cw: 
Cx: 
Gy: 


a 


GZ: 


Fornat: 


Ec 
E 
js cl 
Eccl 
Yd 


SO a (022), (0:35)  a(0:0) 


|0250] |P] [483A] [operands] 


2 


SEXADS Sexadic Short SEXADS 
Sy Mita: 
<SOp> Cul, Cv ; Gwe cy c 2 - 


where: 
<sop> is a sexadic operator 


Operation: 


<SOp> Cul, Cv 7 Cw, Cx, Cy a ees 
Description: 


The operation corresponding to <sop> is applied to the 
Operands and the result stored in Cz. 


Example: 


drawln r(0:0),r(0:1),r(0:2),r(0:3) rc 


Addressing Modes: 


Cms xc: al 
rcl 
Cw: ord 
Cor vcl 
Cys Gre 
C2: r-d 
Formac: 


[0250] |P] [4838] [operands | 
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SEXADL Sexadic Long SEXADL 
Syntax: 
EE EE EE 


where: 
<sop> is a sexadic operator 


Operation: 


SO CL ,Cu,Cv,Cw, Cx, Cy === "Cz 
Description: 


The operation corresponding to <sop> is applied to the 
operands and the result stored in Cz. 


Example: 


Gein ID 0) IT Orci, (0:3) ,r(0:4), 
ca O yc) 


Addressing Modes: 


Gee rd 
cues cd 
en r,d 
Gu bd 
e. q 
Cre rd 
ic rd 
Eormat: 


10250] |P| [483C| [operands] 


D 


OCTADS Octadic Short OCTADS 
EE 
SEET EE E 


where: 
<oop> is a octadic operator 


Operation: 


<oop> Cs,Ct,Cu,Cv,Cw,Cx, Cy , 20a ez 
Description: 


The operation corresponding to <oop> is applied to the 
operands and the result stored in Cz. 


Example: 


invfnt r(0:0) ,r(0:1)2%?r (0: 2 Pr (0 Bn 0: T 5 OiER 
EUO SG) CHOT L 


Addressing Modes: 


cse rg 
Cee 7.0 
(Cu: uc 
Eye ee 
cw. 
cal 
Cyn Ad 
Cd 
Fe ET Uc 


'0250| [PT [483D| loperands| 
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OCTADL Octadic Long . OCTADL 


E Wmtax: 
<oop> “Sc, Cu,Cv,Cw,Cx,Cv,cz 
where: 
<oop> is a octadic operator 
Operation: 


EF OS, Cr, Ou, CV , Cw, Ox, Cy >> _Cz 
Bescription: 


The operation corresponding to <oop> is applied to the 
operands and the result stored in Cz. 
Example: 
iris fl UI A 993 1r(0:4),r(0:5), 
gU onec 0 Om: 1) 
Addressing Modes: 
cr, 
ese r,d 
A rd 
mus. rd 
a r,d 
Cw er iC 
r a 
Til 
d 


Ou 


Ci 
ey: 


CZ, 


Hormat: 
Wa o (Pl 4839F] [operands] 


ES 


MOVE Move a Value l MOVE 


Syntax: 
move <eal>,<ea2> 
where: 
<ea> must be one of the addressing modes listed below 


Operation: 


source --> destination 


Description: 


The value found at the source address is copied into 
the destination address. 


Example: 

move x 007090) c0) 

move d oa 4) 

move r(0:0),data 

move {addr,data},r(0:20) 
move (jn 100 r 0 0) 
move r(0:20) @10,r(0:10) 

data: ds 100 


Addressing Modes: 
<cal>:/d,E,61,ri1d, Eran m mer 1 


<Baz>s ay 6/1, 1d, POR ma x 


Format: 


0250] [P] ( [HESS]... [E881]! sperands] 





PUSH Push a Value PUSH 
Syntax: 
push <ea>,S 


where: 
<ea> is one of the addressing modes listed below 


Operation: 
ICO o 
Description: 
The source value is pushed onto stack S. The programmer 


has no access to the stack pointer. 


Example: 


pusna mts 100910) 
Bus Fr (O 10) sl) 
pun 0: 0) s (D) 
Addressing Modes: 
ENG Por Deri ry ri rd, ridn, 


5S: S 


Format: 


|0250] |P|[H8807/...|H887|loperands| 


POP Pop a Value POR 
Synta: 
POP S ea. 


where: 
<ea> is one of the addressing modes listed below 


Opera lon: 


S --> destination 
Description: 


The source value is popped off stack S and stored at <ea>. 
The programmer has no access to the stack pointer. 


It is an error to attempt to pop a value from an empty 
Stack. 


Example: 
pepe 0 s (O 
pop s(0) ,data 
pop s (1)y d (0: 0) 
data: ds 1 


Addressing Modes: 
SES 


Seas UM. por) cal rus mn 


Format: 


[0250] [PI ( [8889]... H88£] ) loperands| 
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EE “FESmov— — nc EWeOE a Stack POPX 
Syntax: 
T sS 


Operation: 
S ==> 


Description: 


The top value of stack S is removed. 


It is an error to attempt to remove the top of an empty 
Stack. 


Example: 
popx s(0) 


Addressing Modes: 
S, S 


Format: 


|0250] [P| |2888] |operands| 
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NOP . No Operation 
syntax: 
nop 


Operation: 


Description: 
Does nothing. 


Addressing Modes: 


Format: 


[0250] [P] [18A0]| 
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NOP 





STOP Halt Execution 
syntax: 
stop 


Operation: 


Description: 
Execution is terminated. 


Addressing Modes: 


Eormat: 


po ip]. [FOA] 
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STOR 


JMP Jump JMP 
Syntax: 
jmp <ea> 


where 
<ea> is one of the addressing modes listed below 


Operation: 


Sog =—> PC 
Description: 


Execution resumes at <ea>. 


If jmp follows a rorg directive, a jump to memory abso- 
lute is converted to a branch. 


Example: 
jmp here 
Jinpar (0 ° 0) 
nere: jmp) (te SO a 


Addressing Modes: 


<ea>: m,r,mi, pcer 


Format: 


[0250] [P| (H8A2|... |H85A4| )operands| 
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BRA Branch BRA 
syntax: 
bra <ev> 


where: 
<ev> is one of the addressing modes listed below 


Operation: 


PC + <ev> ==> PC 
Description: 


Execution resumes at the sum of the program counter and the 
effective value. 


Example: 
Dral 00 


Addressing Modes: 


<ev>: a,r 


Format: 


|0250| P] |H8A5[...|H8A6] ) loperands| 
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IF IF: Conditional JOmp Branch IF 


Syntax: 
if R <SYOp> <ev -M 
if <bop> <ea>,M 


where: 
<rop> is a relational operator 
<bop> is a test operator 


<ea> and <ev> are one of the addressing modes listed below 


Operation: 


1f R <rop> <ev> then 
Dc Rp 


if «bop» «ea» then 
. M --> PC 


Description: 


If the comparison ls true, execution resumes at M; other- 
wlse,with the next instruction. 


Example: 
MO Verio 0 O p) 
Toop: 1c r{(020). < {iinet | done 
sub nw I, 0 9 
jmp Loop 
done: le int data, loop 
data ds T 


Addressing Modes: 
R E 
sou c m 
S r m 


Mom per 


FO I ds: 


0250] [P] 


( 58A7[, 58A81,|58AB|,|58AC|, |48AF[, |48B0|,|48B3|,|48B4| } 
|operands| 
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IFTE mcn EIS SO. Coc Jump/Branch TERE 


NEE e : 


IO Rev >, Mx”, My 
Xt <Dbop> <ea>,Mx,My 


where: 

<rop> is a relational operator 

<bop> is a test operator 

<ea> and <ev> are one of the addressing modes listed below 


Operation: 
WER <rop> <ev> then 
IE DC 
else 
M Dc 
if «bop» «ea» then 
ee PC 
else 
Mas IO 
Description: 


If the comparison is true, execution resumes at Mx; 


otherwise, at My. 
Example: 
SCAS ~e(0:0) > es (021) ,casel,case2 
stuff: move çr(0:0) data 
casel: jsr HIS. (0) 
EI int r0- 0), casel 
stop 
case2: sr second,s(0) 
stop 


Addressing Modes: 
a 
sey Y,l 
S um 
BRA, Per 


MISIL POr 
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Format: 


0250] [2] 


[ [6849] ,[68AA]|,/68AD],|68AE!|,|58B1],|58B2|,/58B5],|'58B6| ) 
|operands | 
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"SR Jump Subroutine JSR 
Syntax: 
jsr <ea>,S 


where: 
<ea> is one of the addressing modes listed below 


Operation: 


PC --> S 
<ea> --> PC 


Description: 


The program counter is pushed onto stack S, and execu- 
tion resumes at <ea>. 


Following a rorg directive, memory absolute is converted 
automatically to program counter relative. 


Example: 


jsr MS ÔD 


Addressing Modes: 


eq : Im, mili,r DOED SS 


Format: 


ese) eB]... 





H8B91 } [operands | 
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BSR Branch Subroutine BSR 
Syntax: 
bsr <ev>,S 


where: 
«ev» is one of the addressing modes listed below 


Operation: 


PC --> S 
PC + <ev> -=--> PC 


Description: 


The program counter is pushed onto stack S, and execu- 
tion resumes at the sum of the program counter and <ev>. 


Example: 
bsr AO SON 


Addressing Modes: 


Seva: Mia o S 


Format: 


I0250| |PI ( [38BA|[, 38BB [| ) 





operands | 


5 510 





RTS Return from Subroutine 


Operation: 
EN PC 


Description: 
Execution resumes at the address popped from stack s. 


Example: 


Mere: add oe EF OO) 
FtS s (0) 


Addressing Modes: 
DS 


Format: 


[0250] |P| l28BC| [operand| 
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OPEN Open a File OPEN 


Syn Ga. 


open $ 


Operation: 


S ==> 
Description: 


To open a file, four file parameters must be pushed on 
the stack, in proper order, before the open instruction 1s 
invoked. These attributes are: a string atom for the 
filename, afile descriptor atom, an integer atom for the 
access mode, and an integer atom for the data type (raw or 
AM typed values). The open instruction pops these parameters 
off the stack and opens the file. All future file operations 
are referenced by the file descriptor. 


Example: 


datafile GG oae 
push {string,"filename"},s(0) 
push {datafile},s(0) 
push in 0 OD 
push IAS (0) 
open s(0) 


Addressing Modes: 
Sa 


FOrmMat= 


10250 [P| [28CO| [operand| 


IZ 


CLOSE Close a File CLOSE 
Syntax: 
close S 


Operation: 
S ==> 
Description: 


The file descriptor atom must first he pushed on the stack. 
The close instruction pops the stack and closes the file. 


Example: 
datafile equ EU 
push {datafile},s(0) 
close s(0) 
Addressing Modes: 
s S 


Format: 


Deo |P] |28Cc1] [eperand| 
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READ Read a File READ 
Syntax: 
read S 


Operation: 
om 


Description: 


The file descriptor atom must first be pushed on the stack. 


The memory address atom for the destination buffer cell is 
pushed next. The read instruction pops these parameters off 
the stack and puts the next file cell in the destination 

Dut Gem. 


Example: 
doom rem equ iuc 
push {datafile},s(0) 
push {addr,data},s(0) 
read  s(0) 
data ds 100 


Addressing Modes: 
E EE 


Formar: 


[0250] [P] [2802] [operana] 


354 


WRITE Write to File WRITE 


Syntax: 


writes 


Operation: 


S ==> 
Description: 


The file descriptor atom must first be pushed on the stack. 
The memory address atom for the source buffer cell is pushed 
next. The write instruction pops these parameters off the 
stack and puts the contents of the source buffer cell into 
the next file cell. 


Example: 
datafile equ {file,3} 
push {datafile},s(0) 
push {addr,data!,s(0) 
write s(0) 
data de (sering, hello world" 


Addressing Modes: 
Su S 


Format: 


[0250] [PI [28c3] loperand] 





WRITE Write a Value to the Queue WRITE 
Syntax: 
write<ea>,O 


where: 
<ea> is one of the addressing modes listed below 


Operation: 


Source --> O 
Description: 


The source value is written onto gueue O. The programmer 
has no access to the gueue pointer. 


pocampie- 


Wie te (nac. 270 OD 
write r(0:10) 7 


Addressing Modes: 
«ea» : m,r,i,q 
O: q 


Format: 


0250| (Plt RE H897 EEN 


En 





J 
| 
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READ Read a Value from the Queue READ 


Syntax: 


read O,<ea> 


where 
<ea> is one of the addressing modes listed below 


Operation: 


O --> destination 
Description: 
The source value is read from the queue Q and stored at 


<ea>. The programmer has no access to the queue pointer. 
It is an error to attempt to read a value from an empty queue. 


Example: 
read g(0),r(O:l) 
read: q(0) ,data 
qata: ds1 


Addressing Modes: 
O: g 
<ea> : m,r 


Format : 


foe Ae [m899].. . eo] | loperands| 


2.7 


DELETE Delete the Front Value of the Queue DELETE 


Syntax: 
delete O 


Operation: 
Q =--> 
Description: 


The front value of queue Q is removed. It is an error 
to attempt to remove the front value of an empty queue. 


Example: 
delete  q(0) 


Addressing Modes: 
Q: q 


Format: 


[0250] |P] [2898] |operands| 
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OPEN Open the Database OPEN 
Syntax: 
open D 


Operation: 
D 


Description: 


A database identifier is required to open the databse. 
All future operations are referenced by this identifier. 


Example: 
open (database,databaseid) 


Addressing Modes: 


pi 


Format: 


[0250] |P] |[28C4! [operand| 
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CLOSE Close the Database 
Syntax: 
close D 


Operation: 


D ==> 


Description: 


The database identifier is required to close the database. 


Example: 


closeídatabase,databaseid] 
Addressing Modes: 
Des 


Format: 


10250] [P] [28C5] |operand| 
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CLOSE 


y 
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